Convert es (Bucket aggregation) query to java

Shubh · September 28, 2022, 5:10am

Hi,
Can anyone help me convert this query in java program and how would i get only the aggreagtion result from query. The query is given below.

GET /_search
{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": 1664044200000,
              "lte": 1664216999000,
              "format": "epoch_millis"
            }
          }
        },
        {
          "query_string": {
            "analyze_wildcard": true,
            "query": "service.name:*itm*"
          }
        }
      ]
    }
  },
  "aggs": {
    "2": {
      "terms": {
        "field": "labels.client_id",
        "size": 100000,
        "order": {
          "_key": "desc"
        },
        "min_doc_count": 1
      },
      "aggs": {
        "4": {
          "terms": {
            "field": "labels.job_id",
            "size": 100000,
            "order": {
              "_key": "desc"
            },
            "min_doc_count": 1
          },
          "aggs": {
            "3": {
              "sum": {
                "field": "labels.row_count"
              }
            }
          }
        }
      }
    }
  }
}

Pls help me i'v been sitting on this work from very long and im not able to meet up with the result.

Shubh · September 28, 2022, 5:17am

One more thing i want that i want to start my output from Aggregations If that is possible.
the above part is not required

{
  "took" : 111,
  "timed_out" : false,
  "_shards" : {
    "total" : 23232,
    "successful" : 3535,
    "skipped" : 767,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 56547,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "2" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "86789",
          "doc_count" : 4,
          "4" : {
            "doc_count_error_upper_bound" : 0,
            "sum_other_doc_count" : 0,
            "buckets" : [
              {
                "key" : "2222222",
                "doc_count" : 1,
                "3" : {
                  "value" : 666.5
                }
              },
              {
                "key" : "111111",
                "doc_count" : 1,
                "3" : {
                  "value" : 1111
                }
              },
              {
                "key" : "22222",
                "doc_count" : 1,
                "3" : {
                  "value" : 6666
                }
              },
              {
                "key" : "555555",
                "doc_count" : 1,
                "3" : {
                  "value" : 66666
                }
              }
            ]
          }
        }

Thanks.

carly.richmond · September 28, 2022, 8:47am

Hi Shubh,

Are you using the Elasticsearch Java client? Do you have any code so far? There is an aggregation example in the documentation that may help you get started.

Shubh · September 28, 2022, 8:59am

Hi carly.richmond,

thanks for replay yes im using java client i have done some code but the output is not coming as expected. can pls give me code for this query so that i can refer. it would be very helpful for me. I have gone through that document already.

carly.richmond · September 28, 2022, 9:32am

Hi Shubh, can you share the code you have and what output or error you are receiving please? It would be good to understand what output you have versus what you expect.

Shubh · September 28, 2022, 9:59am

@carly.richmond Here is my code. as per the document you shared me im not able to get The response of an aggregation which we have to run in for loop getting some som erro in code as well pls correct me or send me the right code.

public class podQuery {

    public static void main(String[] args) {

        RestHighLevelClient client = new RestHighLevelClient(
                RestClient.builder(new HttpHost("hostname", port, "http")))

        try {

            BoolQueryBuilder queryBuilder = QueryBuilders.boolQuery();

            queryBuilder.must(QueryBuilders.matchQuery("labels.client_id", "50152"));
            queryBuilder.must(QueryBuilders.rangeQuery("@timestamp").gte("2022-09-26")
                    .lte("now/d")
            );



            TermsAggregationBuilder jobidAggregation = AggregationBuilders
                    .terms("termByJobid")
                    .field("labels.job_id")
                    .minDocCount(1);

            jobidAggregation
                    .subAggregation(AggregationBuilders
                            .sum("sumOfRowcount")
                            .field("labels.row_count")
                    );

            TermsAggregationBuilder termsAggregation = AggregationBuilders
                    .terms("term_by_client_id")
                    .field("labels.client_id")
                    .size(100000)
                    .minDocCount(1).subAggregation(jobidAggregation);

            SearchRequest searchRequest = new SearchRequest();
            searchRequest.indices("*apm*itm*");


            SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
            searchSourceBuilder.aggregation(termsAggregation);
            searchSourceBuilder.query(queryBuilder);
            searchRequest.source(searchSourceBuilder);

            SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);

            List<Aggregation> aggregationList = searchResponse.getAggregations().asList();

        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}

carly.richmond · September 28, 2022, 3:38pm

Hi Shubh, you say you're getting an error. What is the error?

Can you also confirm if you are using the Java REST Client or the Java API Client and what versions of that client and Elasticsearch you are using? From the references in your code it looks like you are using the REST client which is deprecated as of 7.17 in favour of the API client. So we would recommend switching to the Java API client.

Shubh · September 28, 2022, 4:39pm

can you just tell me how would i parse the searchresponse object from above code. with code example

carly.richmond · September 29, 2022, 9:15am

Hi Shubh,

The discuss forum is best effort help for Elasticsearch, as well as educating the community. We are not a support forum. If others have similar snippets and experiences they may share.

I suggest following the code example for the Java API client mentioned above. That example also includes an example of how to process the aggregation response in the second snippet that covers how to process the response.

system · October 27, 2022, 9:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.