Aggregation result size

suriyakode · July 7, 2015, 7:00pm

Hello!

So, I'm first aggregating by interface name and then performing an average value aggregation on a particular field. I sort the output as descending to get the top 10 average values by interface name. However, these values will all be slightly off if I take the size of the aggregation as 10, because of how aggregations work first on a per shard level. (See: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html)

In order to get more accurate outputs, I could increase the size of the aggregation, say to a 100, but that will then output the top 100 interfaces. Is there a way to calculate the average on however many interfaces I want (to make it more accurate), but still have Elasticsearch only give me the top 10 hits.

Thanks,
Suriya

colings86 · July 7, 2015, 8:58pm

Have a look at the shard_size parameter. This should help you. You can also look at the doc_count_error_upper_bound to see what the worst-case error in the document counts is.

suriyakode · July 7, 2015, 9:04pm

Thank you very much, this should do the trick!

Topic		Replies	Views
Perform a pipelines aggregation over the full set of potential buckets Elasticsearch	1	252	November 16, 2021
How to calculate shard_size Elasticsearch	5	371	January 12, 2021
Top average list of terms Elasticsearch	4	724	March 22, 2019
Sum Aggregation returning bad value Elasticsearch	10	1972	May 7, 2019
Does the term aggregation also return approximate value when doing sum/avg aggregation? Elasticsearch	4	430	March 21, 2019

Aggregation result size

Related topics