My ES/Kibana version is 6.4.1.
I'm using a nested aggregation.
I am making a log system with analysis via Kibana's Vega.
So, I want to sort these nested fields by their bucket index, not by field name.
(for the method call sequence)
For example, the following is the request:
"aggs": {
  "results": {
    "nested": {
      "path": "profiles"
    },
    "aggs": {
      "keys": {
        "terms": {
          "field": "profiles.key",
          "size": 1000,
          "order": {"_key": "asc"}
        },
        "aggs": {
          "results": {
            "date_range": {
              "field": "profiles.REQ_TIME",
              "ranges": [
                {"from": "now+9h/d", "to": "now+1d+9h/d"},
                {"from": "now-1d+9h/d", "to": "now+9h/d"},
                {"from": "now-2d+9h/d", "to": "now-1d+9h/d"},
                {"from": "now-3d+9h/d", "to": "now-2d+9h/d"}
              ]
            },
            "aggs": {
              "keyperf": {
                "avg": {
                  "field": "profiles.PERF"
                }
              },
              // callers must be sorted by the JSON log's sequence
              "callers": {
                "terms": {
                  "field": "profiles.caller",
                  "size": 1000
                },
                "aggs": {
                  "callerperf": {
                    "avg": {
                      "field": "profiles.PERF"
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
And the following is the response (aggregations only):
"aggregations": {
  "results": {
    "doc_count": 42,
    "keys": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "db",
          "doc_count": 21,
          "results": {
            "buckets": [
              {
                "key": "2018-12-18 00:00:00-2018-12-19 00:00:00",
                ...
              },
              {
                "key": "2018-12-19 00:00:00-2018-12-20 00:00:00",
                ...
              },
              {
                "key": "2018-12-20 00:00:00-2018-12-21 00:00:00",
                ...
                // The problem is here. How can I sort by callers.buckets' index?
                "callers": {
                  "doc_count_error_upper_bound": 0,
                  "sum_other_doc_count": 0,
                  "buckets": [
                    // This property's sequence is 1, because doc_count is 12, so priority is 1. Good.
                    {
                      "key": "One::one",
                      "doc_count": 12,
                      "callerperf": {
                        "value": 32.333333333333336
                      }
                    },
                    // This property's sequence is 2, because doc_count is 4, so priority is 2. But I want to change it to 3.
                    {
                      "key": "Three::three",
                      "doc_count": 4,
                      "callerperf": {
                        "value": 27.5
                      }
                    },
                    // This property's sequence is 3, because doc_count is 2, so priority is 3.
                    // But I want to change it to 4.
                    {
                      "key": "Four::four",
                      "doc_count": 2,
                      "callerperf": {
                        "value": 31.5
                      }
                    },
                    // This property's sequence is 4, because doc_count is 2, so priority is 4. The previous property's doc_count is 2 too, but I don't know why the 'Two::two' key's priority is lower than that.
                    // But I want to change it to 2.
                    {
                      "key": "Two::two",
                      "doc_count": 2,
                      "callerperf": {
                        "value": 29.5
                      }
                    },
                    // This property's sequence is 5, because doc_count is 1, so priority is 5. Good. But I guess its priority will change if doc_count increases.
                    {
                      "key": "Five::five",
                      "doc_count": 1,
                      "callerperf": {
                        "value": 53
                      }
                    }
                  ]
                }
              },
              ...
              }
            ]
          }
        },
        {
          "key": "mcache",
          ...
        },
        {
          "key": "curl",
          ...
        },
        }
      ]
    }
  }
}
But my actual log files have a different sequence, like this:
"profiles": [
  {
    "REQ_TIME": "2018-12-20 13:18:26",
    "key": "db",
    "caller": "One::one",
    "RES_TIME": "2018-12-20 13:18:26",
    "PERF": 33
  },
  {
    "REQ_TIME": "2018-12-20 13:18:26",
    "key": "db",
    "caller": "Two::two",
    "RES_TIME": "2018-12-20 13:18:26",
    "PERF": 33
  },
  {
    "REQ_TIME": "2018-12-20 13:18:26",
    "key": "db",
    "caller": "Three::three",
    "RES_TIME": "2018-12-20 13:18:26",
    "PERF": 33
  },
  {
    "REQ_TIME": "2018-12-20 13:18:26",
    "key": "db",
    "caller": "Four::four",
    "RES_TIME": "2018-12-20 13:18:26",
    "PERF": 33
  },
  {
    "REQ_TIME": "2018-12-20 13:18:26",
    "key": "db",
    "caller": "Five::five",
    "RES_TIME": "2018-12-20 13:18:26",
    "PERF": 33
  }
]
I'm using Kibana (Vega visualization) for my system.
But Vega doesn't know which property was called first.
So I will tell Elasticsearch: 'sort these nested properties by the JSON file's sequence'.
Actually, the caller field is the method's name.
So I can't change it to a number (like 1::1 or 2::2, etc.).
I guess my aggregation results are sorted by doc_count desc.
How can I sort the nested fields in the same sequence as the actual JSON file's nested fields, instead of by doc_count?
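
One way to get call-order buckets, shown as an added example that is not part of the original post: a terms aggregation orders its buckets by doc_count, key, or a sub-aggregation value, so this sketch tags each `profiles` entry with its array position before indexing and orders `callers` by a `min` sub-aggregation on that field. The names `seq`, `first_seq`, `add_sequence`, `callers_agg` and `expected_order` are assumptions, and the sample document is constructed from the callers shown in the post.

```python
import copy

# Constructed sample: one log document with the callers from the post, in call order.
SAMPLE_DOC = {"profiles": [
    {"key": "db", "caller": c, "PERF": 33}
    for c in ["One::one", "Two::two", "Three::three", "Four::four", "Five::five"]
]}


def add_sequence(doc):
    """Copy a log document, tagging each profiles entry with its 1-based array position.

    `seq` is a hypothetical field name; run this before indexing the document.
    """
    out = copy.deepcopy(doc)
    for position, entry in enumerate(out.get("profiles", []), start=1):
        entry["seq"] = position
    return out


def callers_agg(size=1000):
    """Replacement for the post's `callers` aggregation, ordered by earliest call position."""
    return {
        "terms": {
            "field": "profiles.caller",
            "size": size,
            # Order buckets by a single-value metric sub-aggregation instead of doc_count.
            "order": {"first_seq": "asc"},
        },
        "aggs": {
            "first_seq": {"min": {"field": "profiles.seq"}},
            "callerperf": {"avg": {"field": "profiles.PERF"}},
        },
    }


def expected_order(docs):
    """Local check of the bucket order the query should give: min(seq) per caller, ascending."""
    first = {}
    for doc in docs:
        for entry in doc["profiles"]:
            caller, seq = entry["caller"], entry["seq"]
            first[caller] = min(first.get(caller, seq), seq)
    # Ties are broken by caller name here; that is a choice made for this local check.
    return sorted(first, key=lambda c: (first[c], c))


if __name__ == "__main__":
    print(expected_order([add_sequence(SAMPLE_DOC)]))
```

Documents indexed before the field was added carry no `seq` value, so they need to be reindexed for the ordering to cover them.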