Aggregation based on either of the three mappings

Javid_Ahammed · May 22, 2017, 4:19pm

I have the following data structure

[ {"user_id":166384,"prog_id":14,
"events":[{"country_iso":"AE"}],
"branches":[{"country_iso":"AE"}],
"groups":[{"country_iso":"KW"}]},

{"user_id":17788,"prog_id":14,
"events":[{"country_iso":"AE"}],
"branches":[{"country_iso":"IN"}],
"groups":[{"country_iso":"KW"}]}
]

I need to find number of users with each country_iso

The result should be like [

{
    "key": "AE",
    "count": 2
  },
  {
    "key": "KW",
    "count": 2
  },
  {
    "key": "IN",
    "count": 1
  }
]

Just started learning Elasticsearch today , I am trying to find a single query which can give the expected result.
Can someone please help me with the query ?
Thanks in advance

Clinton_Gormley · May 26, 2017, 8:46am

You need to copy all of the country_iso fields into a single field, then run an aggregation on that field.

Example below. (I assume that country_iso isn't the only field that you will have under events etc, and that you will want to be able to query each object under events independently, so I have made them nested fields instead of object fields. You can read more about this distinction here: https://www.elastic.co/guide/en/elasticsearch/reference/5.4/nested.html)

PUT t
{
  "mappings": {
    "t": {
      "properties": {
        "user_id": {
          "type": "keyword"
        },
        "prog_id": {
          "type": "keyword"
        },
        "country_iso": {
          "type": "keyword"
        },
        "events": {
          "type": "nested",
          "properties": {
            "country_iso": {
              "type": "keyword",
              "copy_to": "country_iso"
            }
          }
        },
        "branches": {
          "type": "nested",
          "properties": {
            "country_iso": {
              "type": "keyword",
              "copy_to": "country_iso"
            }
          }
        },
        "groups": {
          "type": "nested",
          "properties": {
            "country_iso": {
              "type": "keyword",
              "copy_to": "country_iso"
            }
          }
        }
      }
    }
  }
}

PUT t/t/1
{
  "user_id": 166384,
  "prog_id": 14,
  "events": [
    {
      "country_iso": "AE"
    }
  ],
  "branches": [
    {
      "country_iso": "AE"
    }
  ],
  "groups": [
    {
      "country_iso": "KW"
    }
  ]
}

PUT t/t/2
{
  "user_id": 17788,
  "prog_id": 14,
  "events": [
    {
      "country_iso": "AE"
    }
  ],
  "branches": [
    {
      "country_iso": "IN"
    }
  ],
  "groups": [
    {
      "country_iso": "KW"
    }
  ]
}

GET t/_search
{
  "size": 0,
  "aggs": {
    "country_iso": {
      "terms": {
        "field": "country_iso",
        "size": 10
      }
    }
  }
}

Javid_Ahammed · May 27, 2017, 9:35am

Thanks a lot , I will try this out in couple of hours.

Topic		Replies	Views
Aggregation problem Elasticsearch	2	357	July 6, 2017
Build relation between elasticsearch aggregators - Nested groupings Elasticsearch	1	345	March 22, 2019
Get the aggregation that measures unique users from different cities using elasticsearch event log index Elasticsearch	7	670	June 11, 2020
Aggregating by a given item in array Elasticsearch	5	563	October 16, 2019
Aggregating the distinct result to a grouping Elasticsearch	3	1014	July 5, 2017

Aggregation based on either of the three mappings

Related topics