Aggregating tags

Hi,

we are using a index where we have 3 fields type, fileinfo and timestamp.

In the fileinfo field I will be having a json String where there will count of different number of file formats.

example:
{"items":[{"type":"xml","size":0.020,"filecount":80},{"type":"pdf","size":104.245,"filecount":20}]}

Now my problem is I want to set the sum of the size of all the pdf files. similary for other types of files

Is there any way to do this.

Thanks,
Sandhya

Take a look at scripted metric aggregations. You could do a terms aggregation on type, and in your script sum the size field.

https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics-scripted-metric-aggregation.html