How set default values with fields in Aggregation results' empty buckets?

teemoGod · January 17, 2019, 9:14am

Hi. Im using Elasticseach 6.4

following is my request.

              "aggs": {
                "times": {
                  "date_histogram": {
                    "field": "ccr.key",
                    "interval": "minute",  
                    "format": "yyyyMMdd:HHmm"
                  },
                  "aggs": {
                    "count" : {
                      "terms": {
                        "field": "ccr.count"
                      }
                    }
                  }
                },...
              }

and following is response

"times": {
            "buckets": [
              {
                "key_as_string": "20190117:1100",
                "key": 1547722800000,
                "doc_count": 1,
                "count": {
                  "doc_count_error_upper_bound": 0,
                  "sum_other_doc_count": 0,
                  "buckets": [
                    {
                      "key": 263,
                      "doc_count": 1
                    }
                  ]
                }
              },
              {
                "key_as_string": "20190117:1101",
                "key": 1547722860000,
                "doc_count": 0,
                "count": {
                  "doc_count_error_upper_bound": 0,
                  "sum_other_doc_count": 0,
                  "buckets": []     // i want to get 0 by default. but there isn't
                }
              }, ....}

but what i want to make response is following

"times": {
            "buckets": [
              {
                "key_as_string": "20190117:1100",
                "key": 1547722800000,
                "doc_count": 1,
                "count": {
                  "doc_count_error_upper_bound": 0,
                  "sum_other_doc_count": 0,
                  "buckets": [
                    {
                      "key": 263,
                      "doc_count": 1
                    }
                  ]
                }
              },
              {
                "key_as_string": "20190117:1101",
                "key": 1547722860000,
                "doc_count": 0,
                "count": {
                  "doc_count_error_upper_bound": 0,
                  "sum_other_doc_count": 0,
                  "buckets": [
                      {
                      "key": 0,      //  if response bucket is empty, set field 'key' to 0 (by default)
                      "doc_count": 0   //  i don't using this field.
                    }] 
                }
              }, ....}

can i set it?

teemoGod · January 18, 2019, 2:47am

i solved.

the problem was 'terms' aggregation.

'terms' aggregation returning buckets.

in this case, 'ccr.count' is integer and there is only 1 docs. (it can be not exist)

so i changed config 'terms' to 'avg' like this.

"aggs": {
                "times": {
                  "date_histogram": {
                    "field": "ccr.key",
                    "interval": "minute",  
                    "format": "yyyyMMdd:HHmm"
                  },
                  "aggs": {
                    "count" : {
                      "avg": { // here
                        "field": "ccr.count"
                      }
                    }
                  }
                },...
              }

then, result will not be buckets. it return 'value' property.

if there isn't exist, returned 'null' value instead of 'empty buckets' like this.

"times": {
            "buckets": [
              {
                "key_as_string": "20190116:0000",
                "key": 1547596800000,
                "doc_count": 1,
                "count": {
                  "value": 156 // when exist
                }
              },{
                "key_as_string": "20190116:0001",
                "key": 1547596860000,
                "doc_count": 0,
                "count": {
                  "value": null // when doesn't exist
                }
              },...]
}

in kibana or vega graph, 'null' and '0' are same value in the graph's Y-Axis.

following is comparison of them.
caution : following graphs are showing difference values. not same.

(when using 'terms' aggregation)

in 00:00 ~ 10:00 , i cant know values are '0' exactly.
it is confusing because look like 'increased steadily'.

(when using 'avg' aggregation)

in 00:00 ~ 10:00,
i know that there values are '0' exactly

warkolm · January 18, 2019, 4:32am

Thanks for sharing the solution!

system · February 15, 2019, 4:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch date-histogram aggregations default buckets Elasticsearch	1	347	July 2, 2020
Buckets empty in aggregates Elasticsearch	5	538	July 5, 2017
Where did my aggregation data go! The case of the missing bucket Elasticsearch	1	710	July 5, 2017
Empty buckets return different type of result value '0' and 'null' for the same field Elasticsearch	3	1871	July 29, 2018
How to remove empty buckets aggregation multi field Elasticsearch	3	1460	July 5, 2017

How set default values with fields in Aggregation results' empty buckets?

Related Topics