Elasticsearch aggregation with regexp

ciprian1 · February 13, 2017, 7:57am

Hi,
I have the following query:

curl http://localhost:9200/<my_index>/_search

with this body:

{
"aggs" : {
"host" : {
"terms": {
"field": "host",
"include" : ".*"
}
}
}
}

Mapping for the 'host' field is like this:

      "host" : {
        "index" : "not_analyzed",
        "type" : "string"
      }

The problem is, when issuing the query, I always get something that starts like this:

"aggregations": {
"host": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 368

My question is: why there are some unmatched documents? As I've shown above, the regexp was: "include" : ".*", meaning all. Am I missing anything?

Thank you!

Ciprian.

Mark_Harwood · February 13, 2017, 9:52am

Don't supply an include clause - that would implicitly mean "all" and using a regex will only add performance overhead.

ciprian1 · February 13, 2017, 11:01am

Ok, thanks for the hint :)!

system · March 13, 2017, 11:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Regexp vs Include performance comparison Elasticsearch	1	357	April 10, 2018
Filter by a regexp inside a terms aggregation Elasticsearch	3	534	May 9, 2020
Regexp not searching as expected Elasticsearch	7	447	July 4, 2020
Analyzing URLs for regexp queries Elasticsearch	4	5513	July 6, 2017
Composite aggregation buckets not filtered as per the regexp query Elasticsearch	0	9	August 28, 2024