Hi Team,
I am trying to do an aggregation using an ES query. The query gives a result in the developer tool, but when I use it in the Logstash config file I am not getting the actual result. I am getting only a few selected fields; at least I expect all the selected fields. Whereas I observed that the filter primary_market= "XY" and c_id="LS" is working correctly. I am getting only documents for that filter, but the aggregation is not working.
input {
  elasticsearch {
    hosts => "${ELK_SERVER}"
    index => "idx_20201014"
    user => "${ELK_USER}"
    password => "${ELK_PASS}"
    query => '{"size" : 0,"query" : {"bool" : {"must" : [{"term" : {"market" : {"value" : "XY"}}},
      {"term" : {"c_id" : {"value" : "LS"}}}]}},
      "_source" :{ "includes" : ["c_id","market","amount","quantity"]},
      "aggregations" : {"groupby" : {"composite" : {"size" : 10,
      "sources" : [{"c_id_gp" : {"terms" : {"field" : "c_id"}}},
      {"date_gp" : {"terms" : {"field" : "date"}}},
      {"market_gp" : {"terms" : {"field" : "market"}}}
      ]},
      "aggregations" : {"amount_gp" : {"sum" : {"field" : "amount"}},
      "quantity_gp" : {"sum" : {"field" : "quantity"}}}
      }}}'
  }
}
output {
  stdout{}
}
The output I am getting is like this, which is all the fields from the index:
{
"amount" => 10037.2167,
"clientid" => "LS"
}
{
"amount" => 1238.199706,
"clientid" => "LS"
}