Conditional path in nested aggregation

elpaisa · February 27, 2018, 4:51pm

Hi, I have a nested field with two properties:

{
    "rating": 2
    "victim": [{
        "ip":  "...",
        "instanceId": "....""
    }]
}

I want to aggregate over the rating and get the IP or InstanceId for each document, not both in the bucket list.

Thanks.

elpaisa · February 28, 2018, 2:29pm

After a lot of searching i found the way via painless:

"terms" : {
    "script" : {
        "source": "doc['victim.instanceId'].value == null ? doc['victim.ip'] : doc['victim.instanceId']",
        "lang": "painless"
    },
    "missing": "N/A"
}

Topic		Replies	Views
Multi Term aggregation on nested fields Elasticsearch	1	350	July 4, 2022
Aggregation with nested properties Elasticsearch	2	419	November 20, 2019
Combining nested and non nested aggregations Elasticsearch	2	1781	May 16, 2017
Combining nested and none nested fields in aggregate query Elasticsearch	4	654	July 5, 2017
Missing aggregation on nested field returning incorrect results Elasticsearch	2	976	July 5, 2017

Conditional path in nested aggregation

Related topics