BUG - Sum bucket aggregation always returning zero

Elastic Stack Elasticsearch
1

Hi,

I am trying to do a sum bucket using pipeline aggregation path separator.
But sum bucket value is always zero. It doesn't even throw an error.
I don't have any zero values in my data.

{
  "size": 0,
  "aggs": {
"devicelist": {
  "terms": {
    "field": "device",
    "size": 9999},
    "aggs": {
      "currentstatus": {
        "terms": {
          "field": "status.keyword",
          "size": 1,
          "order": {
            "latest": "desc"
          }},
          "aggs": {
            "latest": {
              "max": {
                "field": "time"
              }
            },
            "total": {
              "sum": {
                "field": "statusInt"
              }
            }
      }
    }
  }
},
"sumd": {
  "sum_bucket": {
    "buckets_path": "devicelist>currentstatus['SUCCESS']>total"
  }
}
  }
}
2

can you provide a fully reproducible example including index creation, document indexing and the whole query and the exact elasticsearch version you are using? otherwise this will be hard to reproduce.

Thanks!

1 Like
3

Hi @spinscale ,

Thanks for the reply.
I am using AWS Elasticsearch ver 6.7

Documents are written to index when there is status change from various devices along with time. Mappings and index creation handled by elasticsearch defaults.
The query I have posted in the question is the exact query.

Sample documents

{"time": 03:00, "device": "device3", "status": "SUCCESS", "statusInt": 1}
{"time": 03:00, "device": "device2", "status": "SUCCESS", "statusInt": 1}
{"time": 02:05, "device": "device2", "status": "FAILURE", "statusInt": 0}
{"time": 02:00, "device": "device2", "status": "FAILURE", "statusInt": 0}
{"time": 01:05, "device": "device1", "status": "FAILURE", "statusInt": 0}
{"time": 01:00, "device": "device1", "status": "SUCCESS", "statusInt": 1}

I expect the query to provide the sum_bucket aggreagation value as 2, summing up total aggregation field under the terms device2->SUCCESS and device3->SUCCESS

Use case: In a time series data, logging status from multiple devices, I want to get the latest status per device and count up the number of success devices. Exporting the latest status of all the devices and doing it on the client side is not an option.
That is why I decided to use sum_bucket and buckets_path syntax to select only SUCCESS results.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.