Filtered Transform aggregations

Xavier_Marti_Bofill · May 20, 2020, 8:41am

We want to extract the first time an occurrence happened.

For now, we use a scripted metric, which works fine:

"creation": {
        "scripted_metric": {
          "init_script": "state.timestamps = []",
          "map_script": "if (doc.action.value == 'create') { state.timestamps.add(doc.timestamp.value.getMillis()) }",
          "combine_script": "return state.timestamps.length > 0 ? Collections.min(state.timestamps) : -1L",
          "reduce_script": "long first = 0; for (a in states) { if(!(a == -1L) && (a < first || first == 0)) { first = a } } return first"
        }
      }

But it looks like it would be nicer, and perform better, to combine min and filter agg, such as:

"creation": {
            "filter": { "term": { "action": "create" } },
            "aggs":{ "minValue": {"min": { "field": "timestamp" } }}
          }

However, I cannot seem to get it to work, I tried multiple combinations. Is it even possible?

Hendrik_Muhs · May 20, 2020, 9:25am

Transform only supports a subset of aggregations, we expand support with every release.

Support for filter has been added in 7.7 which should make your example possible.

Which version are you using? If you already use 7.7, but still can not get it to work, can you post the error?

Xavier_Marti_Bofill · May 20, 2020, 9:37am

We are using 7.6, another good reason for upgrading. Thanks!!

Topic		Replies	Views
Finding optimal solution to use filter in aggregations of transform index Kibana transforms	10	1373	September 11, 2020
Can some one help please: sum of the field by filtering in transforms not working Elasticsearch	1	319	September 6, 2020
Condition in aggregation does not filter the hit result Elasticsearch	3	431	November 4, 2019
Elastic: Filtering data after grouping Elasticsearch	1	257	September 27, 2022
ElasticSearch aggregation get hit with min date Elasticsearch	9	1690	July 5, 2017

Filtered Transform aggregations

Related topics