Hi all!
Im trying to do and aggregation of the values in a nested query, on an earlier query.
I managed to do the following:
POST /flow_test/sometest
POST flow_test/_mapping/sometest
{
"properties": {
"cerdentials": {
"type": "nested",
"properties": {
"name": {
"type": "string"
}
}
},
"cookies": {
"type": "nested",
"properties": {
"name": {
"type": "string"
}
}
},
"files": {
"type": "nested",
"properties": {
"name": {
"type": "string"
}
}
},
"flow_id": {
"type": "string"
}
}
}
now insert 2 docs ( or more )
POST /flow_test/sometest
{
"flow_id":"something else",
"cookies":[{"name":"ck1"},{"name":"ck2"},{"name":"ck3"}],
"cerdentials":[{"name":"c1"},{"name":"c2"},{"name":"c3"}],
"files":[{"name":"f1"}, {"name":"f2"}, {"name":"f3"}]
}
now i want to first make a query to find all the documents that one of its nested field contains my variable ( we will try on cookies on this example)
I manged to do it easily, but now i want to aggregate on these results, so i will see the following :
files:
f1-2,
f2-1
cerdentials:
c1-3,
c3-1
this will represent how many documents has f1 on their nested files field in the result ( which already filtered the cookie).
The closest i got was counting the size of the nested field:
I did it like so :
GET /flow_test/sometest/_search?pretty
{
"query":{
"bool": {
"must": [
{"match_all": {}},
{
"nested":{
"path":"cookies",
"query":{
"bool":{
"must":[
{
"match":{
"cookies.name":"ck2"
}
}
]
}
}
}
}
]
}
},
"aggregations":{
"someAggregation":{
"nested":{
"path": "cerdentials"
},
"aggs":{
"cerdentialsCount":{
"cardinality":{
"field": "cerdentials.name"
}
}
}
}
}
}
I cant think of a way to preform this. my nested object might contain a complex object and not just name like in the example, so how will i compare the 2 to aggregate them ? is it even possible?
Im also very open to changing my document design, if necessary.
Thanks in advance!
