Custom Bucket Sub Aggregations & Top Hits

csepulv · May 10, 2018, 3:26am

I would like to a custom aggregation that either doesn't use geohash'ing or uses geohash as a sub-aggregation.

Imagine you are mapping schools or fast food restaurants. I'd like to aggregate by the school type (elementary, middle school, etc.) or restaurant chain name first, then map the metric of count, average, etc. In this case geohash, as a sub aggregation, is fine. (Basically, I have some term/identifier I'd like to use as first level aggregation.)

But I would also like to show the first or last school/restaurant opening, in which case I'd like a top_hits sub-aggregation and not use the geohash (or, in some cases use top_hits with the geohash).

Is there any way to do this? Should I open a feature request issue on GitHub?

Thanks

Joe_Fleming · May 10, 2018, 6:05pm

It sounds like what you want is a Geohash filter, not a geohash as part of the aggregation. Basically, you can do what you've already said, aggregate by type and sort by the opening date/time. This will effectively run the aggregation against all of your data, but if you apply a geohash filter, it'll only include documents that are located within that geohash.

csepulv · May 11, 2018, 12:02am

Sometimes geohasing is okay. But I need nested aggregations. If I have a position geopoint field, the resulting aggregation, generated by Kibana would be:

"aggs": {
              "2": {
                "geohash_grid": {
                  "field": "position",
                  "precision": 3
                },
                "aggs": {
                  "3": {
                    "geo_centroid": {
                      "field": "position"
                    }
                  }
                }
              }
            }

But assume I want a breakdown by brand (as in my earlier noted example), I would like the following aggregation/buckets:

"aggs": {
          "brand": {
            "terms": {
              "field": "brand_name"
            },
            "aggs": {
              "2": {
                "geohash_grid": {
                  "field": "position",
                  "precision": 3
                },
                "aggs": {
                  "3": {
                    "geo_centroid": {
                      "field": "position"
                    }
                  }
                }
              }
            }
          }
        }

I don't know anyway to specify such an aggregation and I am pretty sure the map visualization code that generates the leaflet layers wouldn't know what to do with it.

But I am wondering/hoping for an option or maybe guidance on doing this. I am happy to make a issue request is that is appropriate.

Thanks

Joe_Fleming · May 14, 2018, 4:56pm

Yeah, making an issue in the Kibana repo might be a good start. I'm not super familiar with the geo functionality in Kibana if I'm being honest, it's changed a lot since I was last in there. Plus, the layer system I mentioned here is going probably going to invalidate the little I do still know. What you're looking for might not be possible now, but may be possible once the layers are available.

csepulv · May 15, 2018, 10:08pm

I've created a GitHub issue

thanks

system · June 12, 2018, 10:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.