If I run the two queries below they both come back with the same hits, the difference is that the buckets for the first query use every doc in the index while the second query only uses the docs in the search results
GET /development_users/user/_search
{
"filter": {
"geo_bounding_box" :{
"user_lat_lon" :{
"top_left" :{
"lat" :"26.429013452407396",
"lon" :"-90.412109375"
},
"bottom_right" :{
"lat" :"25.05593126519445",
"lon" :"-70.33203125"
}
}
}
},
"aggs": {
"docs_grid" :{
"geohash_grid" :{
"field" :"user_lat_lon",
"precision" :3,
"size" :500
}
}
}
}
GET /development_users/user/_search
{
"query": {
"filtered": {
"filter": {
"geo_bounding_box" :{
"user_lat_lon" :{
"top_left" :{
"lat" :"26.429013452407396",
"lon" :"-90.412109375"
},
"bottom_right" :{
"lat" :"25.05593126519445",
"lon" :"-70.33203125"
}
}
}
}
}
},
"aggs": {
"docs_grid" :{
"geohash_grid" :{
"field" :"user_lat_lon",
"precision" :3,
"size" :500
}
}
}
}
The only difference between these queries is that the first one uses a filter outside a query filtered context and the second one uses it in the query filtered context. To me the documentation seems to say you can use either
An aggregation can be seen as a unit-of-work that builds analytic information over a set of documents. The context of the execution defines what this document set is (e.g. a top-level aggregation executes within the context of the executed query/filters of the search request).
I haven't been able to find any examples of doing an aggregation with just a filter seems most people use a query filtered context e.g.
Can it be done? If so how?