Getting sum from elasticsearch query

I have elasticsearch query output in format like this:

{
  "_index" : "logstash-2017.06.04",
  "_type" : "nginx_log",
  "_id" : "AVxzT8gGkcEbrbfVdHEU",
  "_score" : null,
  "_source" : {
    "method" : "GET",
    "path" : "",
    "code" : "200",
    "size" : "396",
    "request_time" : "0.000",
    "referer" : "-",
    "agent" : "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
    "@timestamp" : "2017-06-04T13:30:37+00:00"
  },
  "sort" : [ 1496583037000 ]
}

Now I want to get the sum of the "size" key. Is it possible from an elasticsearch query?

PS: the complete query result looks like this: https://pastebin.com/raw/8aPiAb1V

Thanks.

First, change the mapping to make that field a number. Then reindex.
Add a sum agg on field size.

Can you please guide me a bit? Thanks

Here we go:

DELETE test
PUT test
{
  "mappings": {
    "doc": {
      "properties": {
        "foo": {
          "type": "integer"
        }
      }
    }
  }
}
PUT test/doc/1
{
  "foo": 1
}
PUT test/doc/2
{
  "foo": 2
}
GET test/_search
{
  "size": 0,
  "aggs": {
    "sum_of_foo": {
      "sum": {
        "field": "foo"
      }
    }
  }
}

To reindex, have a look at: https://www.elastic.co/guide/en/elasticsearch/reference/5.4/docs-reindex.html

Do something like:

POST _reindex
{
  "source": {
    "index": "logstash-2017.06.04"
  },
  "dest": {
    "index": "test"
  }
}
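Before reindexing into an index whose "size" field is numeric, it is worth knowing which documents hold a value that will not coerce to a number (nginx logs, for example, write "-" when no body was sent), because those documents are rejected by the reindex. The following added example is not from this thread; it is a small pre-flight check over hits in the shape shown in the question, using a constructed sample response, that sums the field client-side and reports the _ids that would fail coercion:

```python
import json

# Constructed sample in the shape of the question's search output:
# "size" is a string because the source index mapped it as text.
SAMPLE_RESPONSE = json.loads("""
{"hits": {"total": 3, "hits": [
  {"_index": "logstash-2017.06.04", "_type": "nginx_log", "_id": "a1",
   "_source": {"method": "GET", "code": "200", "size": "396", "request_time": "0.000"}},
  {"_index": "logstash-2017.06.04", "_type": "nginx_log", "_id": "a2",
   "_source": {"method": "GET", "code": "200", "size": "1024", "request_time": "0.250"}},
  {"_index": "logstash-2017.06.04", "_type": "nginx_log", "_id": "a3",
   "_source": {"method": "GET", "code": "499", "size": "-", "request_time": "0.000"}}
]}}
""")


def sum_field(response, field="size", cast=int):
    """Sum a string-typed field over the hits of a search response.

    Returns (total, rejected): total is the sum of every value that `cast`
    accepts, rejected lists the _ids whose value does not parse and would
    therefore be refused when reindexed into a numeric field.  This only
    covers the hits actually returned (use scroll for a full index); the
    server-side sum aggregation on a numeric field is the real answer.
    """
    total = cast(0)
    rejected = []
    for hit in response["hits"]["hits"]:
        raw = hit["_source"].get(field)
        try:
            total += cast(raw)
        except (TypeError, ValueError):
            rejected.append(hit["_id"])
    return total, rejected


if __name__ == "__main__":
    total, rejected = sum_field(SAMPLE_RESPONSE)
    print(f"sum of size over returned hits: {total}")
    print(f"documents that would fail numeric coercion: {rejected}")
```

Run it against a page of real hits before the reindex; any _id it lists needs its value fixed (or dropped with a reindex script) or the reindex will report failures for those documents.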
