Elasticsearch sort query

Ahmet_Kartal · July 10, 2019, 2:08pm

I have some data that I want to sort but when I sort them sort query didn't work very well. So, here what I got after making my query:

"Group3": {
                      "buckets": [
                        {
                          "doc_count": 8, 
                          "key": "1"
                        }, 
                        {
                          "doc_count": 1, 
                          "key": "11"
                        }, 
                        {
                          "doc_count": 1, 
                          "key": "15"
                        }, 
                        {
                          "doc_count": 1, 
                          "key": "18"
                        }, 
                        {
                          "doc_count": 1, 
                          "key": "8"
                        }
                      ], 
                      "doc_count_error_upper_bound": 0, 
                      "sum_other_doc_count": 0
                    }, 
                    "doc_count": 12, 
                    "key": "mke"

This my query:

   "aggs": {
                    "Group1": {
                        "terms": {
                            "field": "method.keyword",
                            "include": ".*POST.*",
                        },
                        "aggs": {
                            "Group2": {
                                "terms": {
                                    "field": "keyword.keyword",
                                    "size": 11593,

                                },
                                "aggs": {
                                    "Group3": {
                                        "terms": {
                                            "field": "amount.keyword",
                                            "size": 100,

                                        }
                                    }

                                },
                            }
                        },



                    }

                }

What I want is output need to show me the top key value among them, like this:

"Group3": {
                      "buckets": [
                        {
                          "doc_count": 1, 
                          "key": "18"
                        }
                  
                      ], 
                      "doc_count_error_upper_bound": 0, 
                      "sum_other_doc_count": 0
                    }, 
                    "doc_count": 12, 
                    "key": "mke"

How can I do that

dadoonet · July 10, 2019, 3:20pm

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.

Could you provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.

A full reproduction script will help readers to understand, reproduce and if needed fix your problem. It will also most likely help to get a faster answer.

Ahmet_Kartal · July 11, 2019, 6:07am

Thank you for warning me sir. I am new here and I didn't give attention to make my question easy to understand. I guess I formatted my question well right now.

dadoonet · July 11, 2019, 7:12am

Much appreciated. Thanks.

Could you also answer the last part of my answer about a full reproduction script?

Ahmet_Kartal · July 11, 2019, 7:27am

I am sorry sir. I couldn't understand what you want from me with full reproduction script.
I am using elasticsearch for python and this one is my code. Hope this is the thing that you want:

class Page(Resource):
    def get(self):
        body = {
            "aggs": {
                "Group1": {
                    "terms": {
                        "field": "method.keyword",
                        "include": ".*POST.*",
                    },
                    "aggs": {
                        "Group2": {
                            "terms": {
                                "field": "keyword.keyword",
                                "size": 11593,

                            },
                            "aggs": {
                                "Group3": {
                                    "terms": {
                                        "field": "amount.keyword",
                                        "size": 100,

                                    }
                                }

                            },
                        }
                    },



                }

            }

        }

        res=es.search(index='EStry',body=body)
        return jsonify(res)

dadoonet · July 11, 2019, 8:09am

What don't you understand in the page I linked to?

Ahmet_Kartal · July 11, 2019, 8:19am

It seems to me like I did all the thing correct. It confuses me. In the page you linked queries has written for Kibana user. I am using Python and I develop RESTAPI. It seems different than my situation.
Pardon me.

dadoonet · July 11, 2019, 8:30am

Yes please provide a script that anyone can run in Kibana.

Ahmet_Kartal · July 11, 2019, 8:38am

Hope this is what you want sir:

GET EStry/_search
        {            
        "aggs": {
                    "Group1": {
                        "terms": {
                            "field": "method.keyword",
                            "include": ".*POST.*",
                        },
                        "aggs": {
                            "Group2": {
                                "terms": {
                                    "field": "keyword.keyword",
                                    "size": 11593,

                                },
                                "aggs": {
                                    "Group3": {
                                        "terms": {
                                            "field": "amount.keyword",
                                            "size": 100,

                                        }
                                    }

                                },
                            }
                        },



                    }

                }
        }

dadoonet · July 11, 2019, 8:51am

If I run that in Kibana it will tell me that Index EStry is not found.

system · August 8, 2019, 8:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.