How to get started with aggregation

(Alok Pandey) #1

Hello Everyone,
I am very new to aggregation and need your help to get started with it. I tried looking at lots of examples shared across the net, but failed to understand how to define an aggregation. I tried to define the aggregation at the time of index creation, along with defining the mapping, with the expectation that I would see a new bucket.field with the "aggsname" field in Kibana, but the mapping went through without any sign of creating an aggs bucket.

So, can someone help me with a link which guides on how to get started with aggregation?


curl -X POST localhost:8080/alok2_otrscsv -d '{
  "mappings" : {
    "otrscsv" : {
      "properties" : {
        "Ticket#" : { "type" : "string" },
        "Created" : { "type" : "date", "format" : "YYYY-MM-dd HH:mm:ss || yyyy-MM-dd HH:mm:ss, MM/dd/YYYY HH:mm:ss || MM/dd/yyyy HH:mm:ss", "null_value" : "0" },
        "Changed" : { "type" : "date", "format" : "YYYY-MM-dd HH:mm:ss || yyyy-MM-dd HH:mm:ss, MM/dd/YYYY HH:mm:ss || MM/dd/yyyy HH:mm:ss", "null_value" : "0" },
        "Location" : { "type" : "string" }
      }
    }
  },
  "aggs" : {
    "Closed_tickets" : { "terms" : { "field" : "Close Time" } }
  }
}'

(Christoph) #2

Aggregations operate alongside search requests, so defining them at index creation time is now possible. I would suggest starting by reading the Aggregations chapter in the Definitive Guide. From there you can familiarize yourself with the concepts by running some simple queries and aggregations from the command line. When you are familiar with the kind of aggregation you want to run, you can add those to Kibana. Please refer to the Kibana User Guide and the Kibana forum on how to do that.
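Added example, not part of either post above: the request from post #1 split into an index-creation call that carries only the mapping and a separate `_search` call that carries the terms aggregation. The host, index, type and aggregation names come from post #1; the `Close Time` mapping entry with `not_analyzed`, the `ES_URL` variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Host, index and type names follow post #1; the "Close Time"
# mapping entry and its not_analyzed setting are assumptions.
ES_URL="${ES_URL:-localhost:8080}"
INDEX="alok2_otrscsv"

# Body for index creation: mappings only, no "aggs" key.
mapping_body() {
cat <<'EOF'
{
  "mappings": {
    "otrscsv": {
      "properties": {
        "Ticket#":    { "type": "string" },
        "Location":   { "type": "string" },
        "Close Time": { "type": "string", "index": "not_analyzed" }
      }
    }
  }
}
EOF
}

# Body for a search request: the terms aggregation belongs here.
# "size": 0 suppresses the hits so only the buckets come back.
search_body() {
cat <<'EOF'
{
  "size": 0,
  "aggs": {
    "Closed_tickets": { "terms": { "field": "Close Time" } }
  }
}
EOF
}

# Step 1: create the index with its mapping.
create_index() { curl -s -X POST "$ES_URL/$INDEX" -d "$(mapping_body)"; }

# Step 2 (after documents are indexed): run the aggregation with a search.
run_aggregation() { curl -s -X POST "$ES_URL/$INDEX/_search" -d "$(search_body)"; }

# Usage against a running node: create_index; run_aggregation
# Buckets are returned under aggregations.Closed_tickets.buckets
```

Nothing is sent until `create_index` and `run_aggregation` are called against a running node.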
