Calculate on nested field, got wrong result , any advice will be appreciated

Elastic Stack Elasticsearch
1

with query conditions, I filtered out only one doc, part of the doc _source is :

"_source": {
               "event": [
                  {
                     "time": 1520252057459,
                     "duration": 1876,
                     "speed": 0,
                     "event_name": "firstBufferingEnd",
                     "detail": "",
                     "cdn_ip": ""
                  },
                  {
                     "time": 1520252060460,
                     "duration": 0,
                     "speed": 207445,
                     "event_name": "networkSpeed",
                     "detail": "",
                     "cdn_ip": ""
                  },
                  {
                     "time": 1520252062460,
                     "duration": 0,
                     "speed": 96871,
                     "event_name": "networkSpeed",
                     "detail": "",
                     "cdn_ip": ""
                  },
                  {
                     "time": 1520252064460,
                     "duration": 0,
                     "speed": 0,
                     "event_name": "networkSpeed",
                     "detail": "",
                     "cdn_ip": ""
                  },

query body is as follow , I got the avg value of speed, but the value is obvious wrong, how can I exclude out those dirty events such as the "firstBufferingEnd" ?

{
            "query": {
                "nested": {
                   "path": "event",
                   "query": {
                       "bool": {
                           "must": [
                              {
                                    "range": {
                                       "event.speed": {
                                          "gt":10000000
                                       }
                                    }
                              },
                              {
                                  "terms": {
                                     "event.event_name": [
                                        "networkSpeedReport",
                                        "networkSpeed"
                                     ]
                                  }
                              }
                           ]
                       }
                   }
                }
            },
            "aggs":{
                "gg":{
                    "nested": {
                        "path":"event"
                    },
                    "aggs":{
                        "gg":{
                            "avg":{
                                "field":"event.speed"
                            }
                        }
                    }
                }
            }
        }

pictures are :

image
image1010×866 98.1 KB

image
image920×935 80.4 KB

2

@Allwyn sorry to disturb , I have been stuck at here for days , (can not found anything from google and official doc )

3

Read this and specifically the "Also be patient" part.

It's fine to answer on your own thread after 2 or 3 days (not including weekends) if you don't have an answer.

4

OK, thanks for your patience

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.