Hi all,
Can you help me with my query result? The output is not coming out as I expected.
Below is my query; please check whether I have to make any changes to it.
GET /_search
{
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": 1663632000000,
"lte": 1663804799000,
"format": "epoch_millis"
}
}
},
{
"query_string": {
"analyze_wildcard": true,
"query": "service.name:*itm*"
}
}
]
}
},
"aggs": {
"terms_by": {
"terms": {
"field": "labels.client_id",
"size": 100000,
"order": {
"_key": "desc"
},
"min_doc_count": 1
},
"aggs": {
"sum_rowcount": {
"sum": {
"field": "labels.row_count"
}
}
}
}
}
}
Below is my query result:
{
"_index" : "apm-7.5.1-itm-transaction1-2022.09.20",
"_type" : "_doc",
"_id" : "qFlOWIMBZiD-E0A1L0Xv",
"_score" : 0.0,
"_source" : {
"@timestamp" : "2022-09-20T00:31:02.473Z",
"agent" : {
"name" : "elasticapm-php",
"version" : "7.0.0-beta2"
},
"labels" : {
"destination_mysql" : "192.168.0.40",
"list_refresh_time" : 111,
"execution_time" : 5482,
"file_size" : 2,
"job_id" : "xxxx",
"destination_redis" : "aaaaaa",
"attr_count" : 00,
"list_ids" : "000",
"upload_type" : "UI",
"client_id" : "00000",
"mmail_time" : 00,
"row_count" : 55,
"entered_time" : "99999999",
"import_processor_time" : 4321
},
"observer" : {
"version" : "7.5.1"
},
{
"framework" : {
"name" : "",
"version" : ""
}
}
}
}
]
},
"aggregations" : {
"terms_by" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "99830",
"doc_count" : 3,
"sum_rowcount" : {
"value" : 83411.0
}
},
{
"key" : "99050",
"doc_count" : 6,
"sum_rowcount" : {
"value" : 6338117.0
}
},
{
"key" : "98797",
"doc_count" : 2,
"sum_rowcount" : {
"value" : 73.0
}
},
{
"key" : "98483",
"doc_count" : 1,
"sum_rowcount" : {
"value" : 33020.0
}
},
{
"key" : "96861",
"doc_count" : 124,
"sum_rowcount" : {
"value" : 3.8794598E7
}
},
{
"key" : "9621",
"doc_count" : 3,
"sum_rowcount" : {
"value" : 47207.0
}
}
In this query I'm doing a bucket aggregation, and I don't want to get that unnecessary output; I want to get only the aggregation result. How can I target only the bucket aggregation for the output? I have to save the output as CSV.
Below is an example of the query output that I want to get:
{
"client_id": "234124",
"job_id": "2342356",
"row_cout": "664645"
},
{
"client_id": "111111",
"job_id": "2222222",
"row_cout": "1233330"
},
{
"client_id": "55657",
"job_id": "3465",
"row_cout": "676867"
}
I also want to add more aggs to my query, such as a terms aggregation on job_id. I am not able to add more aggs to my query; I have tried, but it gives me the error below.
{
"error" : {
"root_cause" : [
{
"type" : "aggregation_initialization_exception",
"reason" : "Aggregator [sum_rowcount] of type [sum] cannot accept sub-aggregations"
}
],
"type" : "aggregation_initialization_exception",
"reason" : "Aggregator [sum_rowcount] of type [sum] cannot accept sub-aggregations"
},
"status" : 500
}
Please help me with this query; if any changes are needed, please let me know how to fix it. I also have to convert the query into Java.