How to add a field to the result of the aggregation

Elastic Stack Elasticsearch
1

微信截图_20210726101715
微信截图_202107261017151426×753 59.4 KB

I wrote an aggregation, and it meets my requirements, but I also need to add a field (trace.id) when the results are displayed. Trace.id does not need to be aggregated.
How should dsl be written in this case?
Can anyone help

POST apm-7.8.1-transaction-000012/_search
{
  "size": 0,
  "aggs": {
    "range": {
      "date_range": {
        "field": "date",
        "format": "MM-yyyy",
        "ranges": [
          {
            "to": "now-10M/M"
          },
          {
            "from": "now-10M/M"
          }
        ]
      }
    },
    "service_name": {
      "terms": {
        "field": "service.name"
      },
      "aggs": {
        "url_path": {
          "terms": {
            "field": "url.path",
            "order": [
              {
                "transaction_duration_us": "desc"
              }
            ],
            "size": 10
          },
          "aggs": {
            "transaction_duration_us": {
              "avg": {
                "field": "transaction.duration.us"
              }
            }
          }
        }
      }
    }
  }
}
2

Do you expect this field to be the same for all the documents in a bucket? If not, which value should be displayed? I am a little unsure of the requirements, thus asking again...

What is the information you are trying to get?

3

I want to get some data from the apm error index. The data needs to be sorted (implemented by elasticsearch for the time being). Because the fields displayed by the aggregation operation cannot meet my requirements, I want to add another field, but this field does not need to be added to the aggregation .

I have a python code that will generate an excel sheet from the aggregated result.

微信截图_20210726162357
微信截图_202107261623571569×541 17.2 KB

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.