How to merge aggregation bucket in Elasticsearch?

hyun · November 26, 2021, 4:33am

Query

GET /_search
{
  "size" : 0,
  "query" : {
    "ids" : {
      "types" : [ ],
      "values" : [ "someId1", "someId2", "someId3" ... ]
    }
  },
  "aggregations" : {
    "how_to_merge" : {
      "terms" : {
        "field" : "country",
        "size" : 50
      }
    }
  }
}

Result

{
   ...
   "aggregations": {
      "how_to_merge": {
         "doc_count_error_upper_bound": 0,
         "sum_other_doc_count": 0,
         "buckets": [
            {
               "key": "KR",
               "doc_count": 90
            },
            {
               "key": "JP",
               "doc_count": 83
            },
            {
               "key": "US",
               "doc_count": 50
            },
            {
               "key": "BE",
               "doc_count": 9
            }
         ]
      }
   }
}

I want to merge "KR" and "JP" and "US"

And change key name to "NEW_RESULT"

So result must like this:

{
   ...
   "aggregations": {
      "how_to_merge": {
         "doc_count_error_upper_bound": 0,
         "sum_other_doc_count": 0,
         "buckets": [
            {
               "key": "NEW_RESULT",
               "doc_count": 223
            },
            {
               "key": "BE",
               "doc_count": 9
            }
         ]
      }
   }
}

Is it possible in Elasticsearch query?

I cannot use a client-side solution since there are too many entities and retrieving all of them and merging would be probably too slow for my application.

Thanks for your help and comments!

casterQ · November 26, 2021, 10:35am

POST caster2/_search
{
  "size": 0,
  "aggs": {
    "groupbyk": {
      "adjacency_matrix": {
        "filters": {
          "group1": {
            "terms": {
              "k1": [
                "a",
                "b"
              ]
            }
          },
          "group2": {
            "terms": {
              "k1": [
                "c"
              ]
            }
          }
        }
      }
    }
  }
}

casterQ · November 26, 2021, 10:35am

@hyun this can work

hyun · November 29, 2021, 6:07am

@casterQ I don't understand the grammar.
What is groupbyk and adjacency_matrix?

Error message like:
Could not find aggregator type [adjacency_matrix] in [groupbyk]

Mark_Harwood · November 29, 2021, 11:24am

Scripts can be used to tweak values from the index. Here's an example

DELETE test
PUT test 
{
  "mappings": {
    "properties": {
      "country":{
        "type": "keyword"
      }
    }
  }
}

POST test/_doc/1
{"country" : "US"}
POST test/_doc/2
{"country" : "JP"}
POST test/_doc/3
{"country" : "KR"}
POST test/_doc/4
{"country" : "Other1"}
POST test/_doc/5
{"country" : "Other2"}
GET test/_search 
{
  "size":0,
  "aggs": {
    "countries": {
      "terms": {
        "script": {
          "params": {"synonyms":{
            "KR": "NewResult",
            "US": "NewResult",
            "JP": "NewResult"
          }},
          "source": """
          def syn =  params['synonyms'][doc['country'].value];
          if (syn !=null) {return syn;} else{ return doc['country'].value;}
          """
        }
      }
    }
  }
}

hyun · November 30, 2021, 1:28am

@Mark_Harwood Thanks for your answer!

I am using version 2.2
So I have to use inline script with groovy

I tried this query

"aggs": {
    "countries": {
      "terms": {
        "script": {
          "params": {"synonyms":{
            "KR": "NewResult",
            "US": "NewResult",
            "JP": "NewResult"
          }},
          "inline": "def syn = params['synonyms'][doc['country'].value]; if (syn != null) {return syn;} else {return doc['country'].value;};"
        }
      }
    }
  }

Then Error Like This:

"reason": {
               "type": "script_exception",
               "reason": "failed to run inline script [def syn = params['synonyms'][doc['country'].value]; if (syn != null) {return syn;} else {return doc['country'].value;};] using lang [groovy]",
               "caused_by": {
                  "type": "missing_property_exception",
                  "reason": "No such property: params for class: e82d610ed84d9787d1d68c886deeb38bf8cb319e"
               }
            }

If don't find the value in params, there's an error.
How can I get the null value back if I don't find the value in params?

Mark_Harwood · November 30, 2021, 7:34am

I’ve no idea I’m afraid because I don’t have 2.2/groovy. Try removing the params and hard coding the list of values in the script as “if == kr” type statements.
Even better - upgrade. Later versions have:

less bugs
better supported
• no serious security vulnerabilities like those found in older versions running groovy.

warkolm · November 30, 2021, 9:04am

2.2 is very well past EOL and no longer supported. You need to upgrade.

system · December 28, 2021, 9:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Merge two buckets muli_level inside buckets Elasticsearch	1	104	January 15, 2024
Elasticsearch - Merge date histogram aggregation Elasticsearch	4	504	February 10, 2022
How can I merge the results of two aggregations? Elasticsearch	7	6687	July 6, 2017
Merging buckets of aggregation Elasticsearch	1	738	August 20, 2019
ElasticSearch - Filter Buckets Elasticsearch	2	311	January 26, 2021

How to merge aggregation bucket in Elasticsearch?

Related topics