Bucket aggregation with java api

Elastic Stack Elasticsearch
1

Hi all can anyone pls help me convert below query in java i have been stuck to this from very long and frustrated.. pls help here

GET /_search
{
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": 1663632000000,
              "lte": 1663804799000,
              "format": "epoch_millis"
            }
          }
        },
        {
          "query_string": {
            "analyze_wildcard": true,
            "query": "service.name:*itm*"
          }
        }
      ]
    }
  },
  "aggs": {
    "terms_by": {
      "terms": {
        "field": "labels.client_id",
        "size": 100000,
        "order": {
          "_key": "desc"
        },
        "min_doc_count": 1
      },
      "aggs": {
        "sum_rowcount": {
          "sum": {
            "field": "labels.row_count"
          }
          , "aggs": {
            "job_id": {
              "terms": {
                "field": "labels.job_id",
                "size": 100000
              }
            }
          }
          
        }
      }
    }
  }
}
2

Hi @Shubh

Try this:

Map<String, Aggregation> map = new HashMap<>();

    var subTermAggregation = new Aggregation.Builder()
        .terms(new TermsAggregation.Builder()
            .field("labels.job_id").size(100000).build())
        .build();

    var subAggregation = new Aggregation.Builder()
        .sum(new SumAggregation.Builder().field("labels.row_count").build())
        .aggregations(new HashMap<>() {{
          put("job_id", subTermAggregation);
        }})
        .build();

    var aggregation = new Aggregation.Builder()
        .terms(new TermsAggregation.Builder()
            .field("labels.client_id")
            .size(100000)
            .order(Map.of("_key", SortOrder.Desc))
            .minDocCount(1)
            .build())
        .aggregations(new HashMap<>() {{
          put("sum_rowcount", subAggregation);
        }}).build();

    map.put("terms_by", aggregation);

    var boolquery = BoolQuery.of(b -> b.filter(Query.of(q -> q.range(RangeQuery.of(
        r -> r.field("@timestamp").gte(JsonData.of("1663632000000")).lte(JsonData.of("1663804799000")).format("epoch_millis")
        )))).filter(f -> f.queryString(QueryStringQuery.of(qs -> qs.query("service.name:*itm*").analyzeWildcard(true))))
    );
    var query = Query.of(q -> q.bool(boolquery));

    var searchRequest = new SearchRequest.Builder()
        .index("idx_name")
        .size(0)
        .query(query)
        .aggregations(map)
        .build();

    var response = client.search(searchRequest, Void.class);
3

Hey.. Thanx for reply.. Can i do more aggregation if i have to?

4

Yes, you can see how it was done for the aggs "sum_rowcount" and "job_id".

5

can help me out how would i export this query data in csv file that will help me alot. im stuck on exporting query data with program. if you hlep me that would be greatfull.

6

If I understand you want to export the aggregation results to a csv file.
Well, first you need to extract the aggregation from the response and use a lib or any other code that will create the csv.
What you're asking for is way off topic in your post. In that case I would recommend creating a new post for this new question.

7

ok thanks that helps me alot

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.