Hi,
I'm using Elasticsearch 2.3 and am having a strange problem. I'm loading data about defects with logstash to elasticsearch and when I sum the data I get wrong results.
This is my query:
> {
> "aggs": {
> "2": {
> "terms": {
> "field": "Bug_ID.raw",
> "size": 50,
> "order": {
> "1": "asc"
> }
> },
> "aggs": {
> "1": {
> "sum": {
> "field": "Fixed_Count"
> }
> ....
result:
> "1": {
> "value": -2
> },
> "key": "20456",
> "doc_count": 2
> },
> {
> "1": {
> "value": -2
> },
> "key": "21032",
> "doc_count": 7
> },
> {
> "1": {
> "value": -2
> },
> "key": "21813",
> "doc_count": 2
> .......
But when I filter for a specific bug ID:
> {
> "query": {
> "bool" : {
> "must" : [
> { "match" : { "Bug_ID.raw": "20456" } }
> ]
> }
> },
> "aggs": {
> "2": {
> "terms": {
> "field": "Bug_ID.raw",
> "size": 50,
> "order": {
> "1": "asc"
> }
> },
> "aggs": {
> "1": {
> "sum": {
> "field": "Fixed_Count"
> }
> .......
result:
> "1": {
> "value": 0
> },
> "key": "20456",
> "doc_count": 7
The correct answer is given only when I filter for a specific ID. I've found some posts with a similiar issue but they don't seem related to this.
In my logstash configuration I am using an aggregate filter.
thanks,
aviv