Aggregation return data that do not match query

Edyta_Szkiladz · July 12, 2023, 7:46am

I am trying to do aggregation on documents which contains categories field. Categories is an array of strings. Sample document:

{
  "_index": "test-v11",
  "_type": "_doc",
  "_id": "954961",
  "_version": 4,
  "_score": 1,
  "_source": {
    "id": 954961,
    "categories": [
      "Patent",
      "Trademark"
    ]
  },
  "fields": {
    "id": [
      "954961"
    ],
    "categories": [
      "Patent",
      "Trademark"
    ],
    "categories.keyword": [
      "Patent",
      "Trademark"
    ]
  }
}

When I try to aggregate items by categories in the result I see categories that do not match query. My request:

POST _search
{
   "aggs":{
      "termBucketAgg":{
         "terms":{
            "field":"categories.keyword",
            "shard_size":65,
            "size":10
         }
      }
   },
   "query":{
      "bool":{
         "must":[
            {
               "query_string":{
                  "fields":[
                     "categories"
                  ],
                  "query":"*trade*"
               }
            }
         ]
      }
   },
   "size":0
}

Response:

"aggregations" : {
    "termBucketAgg" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 806,
      "buckets" : [
        {
          "key" : "Patent",
          "doc_count" : 5436
        },
        {
          "key" : "Trademark",
          "doc_count" : 535
        }
		(...)
      ]
    }
  }

"Patent" do not match here, but probably I got it in the resposne because I have a document that have both categories. Any idea how to got only categories that match the query?

dadoonet · July 12, 2023, 12:16pm

Welcome!

The way it works is that way:

The query selects the documents which matches
Then the aggregation aggregates ALL the values for ALL the documents which matched.

The aggregation does not filter the terms based on the query...

You can look at this may be: Terms aggregation | Elasticsearch Guide [8.8] | Elastic

Edyta_Szkiladz · July 17, 2023, 9:41am

This solve my issue (include part):

POST _search
{
   "aggs":{
      "termBucketAgg":{
         "terms":{
            "field":"categories.keyword",
            "shard_size":65,
            "size":10,
            "include": ".*[cC][oO][nN].*"
         }
      }
   },
   "query":{
      "bool":{
         "must":[
            {
               "query_string":{
                  "fields":[
                     "categories"
                  ],
                  "query":"*con*"
               }
            }
         ]
      }
   },
   "size":0
}

Edyta_Szkiladz · July 17, 2023, 9:42am

Thank you @dadoonet that helps me to find a solution.

system · August 14, 2023, 9:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Aggregation count are not matching with bucket results Elasticsearch	1	469	September 11, 2018
Different result from search and aggregation of that search Elasticsearch	2	1015	July 5, 2017
Is it possible to filter aggregation return result? Elasticsearch	1	98	May 10, 2024
Filter out buckets in an aggregated query Elasticsearch	3	1241	July 6, 2017
Doc_count on aggregations doesn't match total hits Elasticsearch	3	1294	July 6, 2017

Aggregation return data that do not match query

Related topics