Aggregate Query Results

usman1 · June 21, 2021, 6:09pm

I am fetching timestamp and data against that timestamp with my search query to Elasticsearch node. The result being fetched contains multiple values against the same timeframe and I want Elasticsearch to return the aggregated value instead of single values.

For instance, the returned data array looks similar to following:
Time: ['2020-10-04 12:28','2020-10-04 12:28','2020-10-04 12:28','2020-10-04 12:29','2020-10-04 12:29'....]
Vals: [10,10,10,10,10]

I want it to aggregate Vals with respect to Time and the result should look like following:
Time: ['2020-10-04 12:28','2020-10-04 12:29',....]
Vals: [30,20]

Currently my query is following:

GET _search
{
  "query": {
    "bool": {
      		"must": [
        	{
          		"match": {
            		"B_ID": "348"
          		}
        	},
        	{
          		"match": {
            		"FLAG": "SCALE"
          		}
        	}
      		]
    	}
  },
   "aggs": {
    "AG_PPM": { "sum": { "field": "PPM" } }
  },
  "fields": [
    "PPM",
    "TIMESTAMP"
  ],
  "_source": false
}

But this does not seems to work and I am only getting the requested fields (PPM, TIMESTAMP) only.

spinscale · June 22, 2021, 7:56am

Please provide a fully reproducible example. This question is impossible to answer without a lot of guesswork, because we are missing the document structure. So please provide an example including index creation/mapping, sample documents and the query, this would help a lot!

Thank you!

usman1 · June 22, 2021, 9:25am

@spinscale Complete response of the above mentioned query can be found here. It can be seen that the PPMs are aggregated at the end but that aggregation is applied on all the fetched records. I want this aggregation applied on the results for which Timestamp is same.

Kindly let me know if there is still something which I should explain.

spinscale · June 22, 2021, 9:30am

Try a date histogram, that contains the sum aggregation within. Sounds like that could help in your case.

usman1 · June 22, 2021, 10:25am

@spinscale Thanks for the help. Can you please direct me to a sample query/solution which can help me in knowing the syntax for that?

amitkr · June 22, 2021, 10:39am

Hi,
you can use something like this one.

  "aggs": {
    "AG_PPM": {
      "date_histogram": {
        "field": "TIMESTAMP",
        "fixed_interval": "1m"
      },
      "aggs": {
        "count": {
          "sum": {
            "field": "PPM"
          }
        }
      }
    }
  }

system · July 20, 2021, 10:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.