Filtered Transform aggregations

Elastic Stack Elasticsearch
1

We want to extract the first time an occurrence happened.

For now, we use a scripted metric, which works fine:

"creation": {
        "scripted_metric": {
          "init_script": "state.timestamps = []",
          "map_script": "if (doc.action.value == 'create') { state.timestamps.add(doc.timestamp.value.getMillis()) }",
          "combine_script": "return state.timestamps.length > 0 ? Collections.min(state.timestamps) : -1L",
          "reduce_script": "long first = 0; for (a in states) { if(!(a == -1L) && (a < first || first == 0)) { first = a } } return first"
        }
      }

But it looks like it would be nicer, and perform better, to combine min and filter agg, such as:

"creation": {
            "filter": { "term": { "action": "create" } },
            "aggs":{ "minValue": {"min": { "field": "timestamp" } }}
          }

However, I cannot seem to get it to work, I tried multiple combinations. Is it even possible?

1 Like
2

Transform only supports a subset of aggregations, we expand support with every release.

Support for filter has been added in 7.7 which should make your example possible.

Which version are you using? If you already use 7.7, but still can not get it to work, can you post the error?

3

We are using 7.6, another good reason for upgrading. Thanks!!

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.