Elasticsearch filters aggregation does not return array format

The filters aggregation returns bucket as object

      "buckets": {
        "errors": {
          "doc_count": 1
        },
        "warnings": {
          "doc_count": 2
        }
      }

But I would like to return a buckets array, like the terms aggregation:

      "buckets": [
        { 
          "key": "errors",
          "doc_count": 1
        },
        { 
          "key": "warnings",
          "doc_count": 2
        }
      ]

Is this possible, or can any sort of data transformation be done in the query to make it so?

The anonymous filters option returns a buckets array, but it does not have the key mapping in each element like the example above.

I would try to create a query and then aggregate the results with a terms aggregation:

{
  "size": 0,
  "query": {
    "bool": {
      "should": [
        {
          "match": {
            "name": "value"
          }
        },
        {
          "match": {
            "name": "value"
          }
        }
      ]
    }
  },
  "aggs": {
    "names": {
      "terms": {
        "field": "name.raw"
      }
    }
  }
}

Thanks for your reply. In my case however I am unable to use a terms aggregation, because I want to group not by field, but by regex matching the field against possible patterns.

Using the filters aggregation allows me to do something like this:

"filters": {
  "filters": {
    "errors": {
      "query_string": {
        "query": "logmessage:/ERROR.*/"
      }
    },
    "warnings": {
      "query_string": {
        "query": "logmessage:/WARNING.*/"
      }
    }
  }
}
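The thread never shows how to get from the keyed filters response to a terms-style array. The following is an added example (not from any poster or from Elasticsearch itself) that does the conversion client-side: it builds a keyed filters aggregation from a dictionary of named regex patterns, and normalises either response shape (the keyed object from the first post, or the anonymous list the original poster mentions) into the `[{"key": ..., "doc_count": ...}]` array the question asks for. The sample responses are constructed inline to match the counts in the thread; the helper names, the `logmessage` field and the use of a `regexp` query instead of `query_string` are assumptions for illustration.

```python
from typing import Any, Dict, List, Optional


def regex_filters_agg(field: str, patterns: Dict[str, str]) -> Dict[str, Any]:
    """Build a keyed filters aggregation with one regexp query per named pattern.

    Lucene regexp queries match the whole field value, so patterns that
    should match a prefix keep the trailing `.*` as in the thread's examples.
    """
    return {
        "filters": {
            "filters": {
                name: {"regexp": {field: {"value": pattern}}}
                for name, pattern in patterns.items()
            }
        }
    }


def buckets_as_array(
    agg_result: Dict[str, Any], keys: Optional[List[str]] = None
) -> List[Dict[str, Any]]:
    """Normalise a filters aggregation result into a terms-style bucket array.

    Keyed responses carry the name inside the buckets object, so the key is
    lifted into each element. Anonymous responses are a plain list in the
    order the filters were sent, so the caller must pass that order.
    Sub-aggregation results inside each bucket are preserved by the spread.
    """
    buckets = agg_result["buckets"]
    if isinstance(buckets, dict):
        return [{"key": key, **bucket} for key, bucket in buckets.items()]
    if keys is None:
        raise ValueError("anonymous filters buckets need the request's filter order")
    if len(keys) != len(buckets):
        raise ValueError("number of keys does not match number of buckets")
    return [{"key": key, **bucket} for key, bucket in zip(keys, buckets)]


# Constructed sample responses mirroring the counts quoted in the thread.
KEYED_RESULT = {
    "buckets": {
        "errors": {"doc_count": 1},
        "warnings": {"doc_count": 2},
    }
}
ANONYMOUS_RESULT = {"buckets": [{"doc_count": 1}, {"doc_count": 2}]}

PATTERNS = {"errors": "ERROR.*", "warnings": "WARNING.*"}

if __name__ == "__main__":
    import json

    print(json.dumps(regex_filters_agg("logmessage", PATTERNS), indent=2))
    print(buckets_as_array(KEYED_RESULT))
    print(buckets_as_array(ANONYMOUS_RESULT, list(PATTERNS)))
```

Pass the aggregation returned by `regex_filters_agg` under `"aggs"` in the search body with `"size": 0`, then hand `response["aggregations"]["<agg name>"]` to `buckets_as_array`. Keeping the keyed form is the safer choice: the anonymous form only works if the client remembers the filter order it sent, and a mismatch silently labels counts with the wrong name.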

If you use Regexp query | Elasticsearch Guide [8.1] | Elastic,
the filters aggregation must work.
