How to calculate two aggregations on same field within the same body?

I am trying to find the sum aggregate data (total count) of a field for my query. I also want to find the sum aggregate data of that same field, but on a different day/time. How can I write a query that has this type of functionality?

I have a bool query where I am specifying the range (date and hour) of the field I am aggregating on. Is it possible to do 2 aggs on the same field in one body?

Hi @Kaushik123,

Yes, there's no problem making 2 different aggregations on the same fields, as long as you give your aggregations different names so they don't merge.

What have you tried so far? Can you provide some example documents so I can help build your aggregations?

Hi Kaushik123,

It's not a problem to perform two aggregations at the same time. The results will be two different columns. So, there would be no conflict.

Provide us the documents if you are facing issues doing any aggregations.

Hello @gabriel_tessier,

So far, I have 2 different bodies with 2 different aggregations.

Queries for aggregations

I linked another post shown above. What I am trying to do is compare the results (sum) of the 2 aggregations. In this case, I want to know what the 2xx count is today compared to yesterday. If the count is decreasing, I wish to print a warning of some sort.

How can I accomplish this using elasticsearch (elasticsearch dsl)?

Thanks for the reply @kumar8055,

I did not have any trouble finding the aggregations. What I am trying to understand is how I can compare 2 aggregations, when both aggregations are performed on the same field, just different time/date.

The field I am calculating on is in an index called swift-xxx. So what I am doing is creating a body with the aggregation (date/time specified in a bool query), and then calling the result as shown below.

Queries for the 2 aggregations

count = es.search(index='swift-xxx', body=2xxCount)
print(count)

count2 = es.search(index='swift-xxx', body=2xxLast2Days)
print(count2)

Note that these two are 2 separate queries that result in 2 separate sum aggregations. Is there any way I can combine them into one body and compare the result, i.e. see which 2xx is greater and print it?

Hi @Kaushik123,

I replied in the other thread; maybe it's better to keep only one thread to prevent duplication...
As the other thread has the request code, it will be better to stop replying on this thread.
:bowing_man:
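
Added example, not code from any poster in this thread: one request body carrying two differently named filter aggregations over the same field, each with its own sum, followed by the today-versus-yesterday comparison asked about above. The field names `@timestamp` and `count_2xx`, the aggregation names, and the sample response are assumptions constructed for illustration.

```python
# Added example. TS_FIELD and SUM_FIELD are assumed names, not from the thread.
TS_FIELD = "@timestamp"   # assumed timestamp field
SUM_FIELD = "count_2xx"   # assumed numeric field being summed


def window(gte, lt):
    """Filter aggregation for one time window with a sum sub-aggregation."""
    return {
        "filter": {"range": {TS_FIELD: {"gte": gte, "lt": lt}}},
        "aggs": {"total": {"sum": {"field": SUM_FIELD}}},
    }


def build_body():
    """One request body holding two differently named aggregations."""
    return {
        "size": 0,  # only aggregation results are needed, no hits
        # The outer query covers both windows so each filter sees its documents.
        "query": {"range": {TS_FIELD: {"gte": "now-1d/d", "lt": "now+1d/d"}}},
        "aggs": {
            "today": window("now/d", "now+1d/d"),
            "yesterday": window("now-1d/d", "now/d"),
        },
    }


def compare(response):
    """Return (today, yesterday, warning) from a search response."""
    aggs = response["aggregations"]
    today = aggs["today"]["total"]["value"]
    yesterday = aggs["yesterday"]["total"]["value"]
    warning = None
    if today < yesterday:
        warning = f"WARNING: 2xx count dropped from {yesterday:.0f} to {today:.0f}"
    return today, yesterday, warning


# Constructed response in the shape Elasticsearch returns for build_body().
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 2400}, "hits": []},
    "aggregations": {
        "today": {"doc_count": 1100, "total": {"value": 9800.0}},
        "yesterday": {"doc_count": 1300, "total": {"value": 12500.0}},
    },
}

if __name__ == "__main__":
    # Live cluster: response = es.search(index='swift-xxx', body=build_body())
    print(compare(SAMPLE_RESPONSE)[2])
```
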
