Aggregations along with painless scripted field

scch · December 28, 2017, 5:51am

Hi ...
can we use aggregations and painless in a scripted field ?

i want to achieve below.

//Query
},
"size": 0,
"_source": {
"excludes": []
},
"aggs": {
"3": {
"terms": {
"field": "alert.keyword",
"size": 2,
"order": {
"1": "desc"
}
},
"aggs": {
"1": {
"cardinality": {
"field": "alert.keyword"
}
}
}
}
}
//Result

{
"took": 140,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 684223,
"max_score": 0,
"hits": []
},
"aggregations": {
"3": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"1": {
"value": 1
},
"key": " Anomaly behavior",
"doc_count": 128
},
{
"1": {
"value": 1
},
"key": " Capability Definitions",
"doc_count": 10
},
{
i want to use key and doc_count in 'if, else' construct to return value through scripted field for visualization it in kibana.

example if [key] == 'Anomaly behavior' && [doc_count] > 50 ;return 10;
else 2;

tylersmalley · December 28, 2017, 8:13pm

You can't use doc_count from the terms aggregation in a scripted field, only properties on the object.

scch · December 29, 2017, 4:33am

My requirements is on the basis of distinct count on a document field create a scripted field. Is there any function or method like distinct, count, sort and dedupe which can be directly used on a document field in painless script. Please shed some light, some example code...

Thank you

system · January 26, 2018, 4:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.