Add Metric Aggregation inside the bucket aggregation query to get metrics of all buckets using DSL Query

Elastic Stack Elasticsearch
1

Hi,

I am able to get bucket aggregation results for below DSL Query,But I want to get metric aggregation for all buckets inside the same bucket aggregation query.

Bucket aggrgation query:

{
  "size": 0,
      "query": {
        "bool": {
            "filter": [
                {
                    "range": {
                        "@timestamp": {
                            "from": "{{period_end}}||-100d",
                            "to": "{{period_end}}",
                            "include_lower": true,
                            "include_upper": true,
                            "format": "epoch_millis",
                            "boost": 1
                        }
                    }
                },
                 {
                    "terms": {
                        "function_name.keyword": [
                            "RM2"
                        ],
                        "boost": 1
                    }
                },
                 {
                    "terms": {
                        "asset_name.keyword": [
                            "R1SD MOTOR DS"
                        ],
                        "boost": 1
                    }
                }
                ]
        }
      },
  "aggregations": {
    "no_of_tag_id": {
      "terms": {
        "field": "tag.id.keyword",
        "size": 2
      }
    }
  }}

Output:

{
    "_shards": {
        "total": 1,
        "failed": 0,
        "successful": 1,
        "skipped": 0
    },
    "hits": {
        "hits": [],
        "total": {
            "value": 34,
            "relation": "eq"
        },
        "max_score": null
    },
    "took": 3,
    "timed_out": false,
    "aggregations": {
        "no_of_tag_id": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 15,
            "buckets": [
                {
                    "doc_count": 14,
                    "key": "M_E2MDD_CFB_d44a8194-d088-4d63-bba3-149da373cffd"
                },
                {
                    "doc_count": 5,
                    "key": "I_DRV155_CFB_d44a8194-d088-4d63-bba3-149da373cffd"
                }
            ]
        }
    }
}

When I added nexted metric aggregation query inside bucket aggregation, I am getting results of only metric aggregation query and not bucket aggregation.

metric+bucket aggs dsl query:

{
  "size": 0,
      "query": {
        "bool": {
            "filter": [
                {
                    "range": {
                        "@timestamp": {
                            "from": "{{period_end}}||-100d",
                            "to": "{{period_end}}",
                            "include_lower": true,
                            "include_upper": true,
                            "format": "epoch_millis",
                            "boost": 1
                        }
                    }
                },
                 {
                    "terms": {
                        "function_name.keyword": [
                            "RM2"
                        ],
                        "boost": 1
                    }
                },
                 {
                    "terms": {
                        "asset_name.keyword": [
                            "R1SD MOTOR DS"
                        ],
                        "boost": 1
                    }
                }
                ]
        }
      },
  "aggregations": {
    "no_of_tag_id": {
      "terms": {
        "field": "tag.id.keyword",
        "size": 2
      }
    }
    },
     "aggs": {
                "max_value_per_bucket": {
                    "max": {
                        "field": "tag.value"
                    }
                }
     }}

OUTPUT:

{
    "_shards": {
        "total": 1,
        "failed": 0,
        "successful": 1,
        "skipped": 0
    },
    "hits": {
        "hits": [],
        "total": {
            "value": 34,
            "relation": "eq"
        },
        "max_score": null
    },
    "took": 3,
    "timed_out": false,
      "aggregations": {
          "max_value_per_bucket": {
              "value": 3000
          }
      }
}

I want to get metric aggregation per bucket.

Expected Output:

{
    "_shards": {
        "total": 1,
        "failed": 0,
        "successful": 1,
        "skipped": 0
    },
    "hits": {
        "hits": [],
        "total": {
            "value": 34,
            "relation": "eq"
        },
        "max_score": null
    },
    "took": 2,
    "timed_out": false,
    "aggregations": {
        "no_of_tag_id": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 15,
            "buckets": [
                {
                    "doc_count": 14,
                    "key": "M_E2MDD_CFB_d44a8194-d088-4d63-bba3-149da373cffd",
                   "aggregations": {
                   "max_value_per_bucket": {
                   "value": 59
                                      }
                     }
                },
                {
                    "doc_count": 5,
                    "key": "I_DRV155_CFB_d44a8194-d088-4d63-bba3-149da373cffd",
                   "aggregations": {
                   "max_value_per_bucket": {
                   "value": 3000
                                      }
                     }
                }
            ]
        }
    }
}
2

Hi @Divyank_Mahalle

Try this:

{
  "size": 0,
  "aggs": {
    "no_of_tag_id": {
      "terms": {
        "field": "tag.id.keyword",
        "size": 2
      },
      "aggs": {
        "max_value_per_bucket": {
          "max": {
            "field": "tag.value"
          }
        }
      }
    }
  }
}
1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.