How to perform the mathematical operation on data from elasticsearch

kish · March 1, 2018, 12:14pm

I need to have average of cpuload on specific nodetype. My data in elastic search is below. i.e if i give nodetype as 'tpt' it should give the average of cpuload of nodetype's of all tpt available. I tried different methods but vain...

{
  "took" : 5,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 4,
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "kpi",
        "_type" : "kpi",
        "_id" : "\u0003",
        "_score" : 1.0,
        "_source" : {
          "kpi" : {
            "CpuAverageLoad" : 13,
            "NodeId" : "kishan",
            "NodeType" : "Tpt",
            "State" : "online",
            "Static_limit" : 0
          }
        }
      },
      {
        "_index" : "kpi",
        "_type" : "kpi",
        "_id" : "\u0005",
        "_score" : 1.0,
        "_source" : {
          "kpi" : {
            "CpuAverageLoad" : 15,
            "NodeId" : "kishan1",
            "NodeType" : "tpt",
            "State" : "online",
            "Static_limit" : 0
          }
        }
      },
      {
        "_index" : "kpi",
        "_type" : "kpi",
        "_id" : "\u0004",
        "_score" : 1.0,
        "_source" : {
          "kpi" : {
            "MaxLbCapacity" : "700000",
            "NodeId" : "kishan2",
            "NodeType" : "bang",
            "OnlineCSCF" : [
              "001",
              "002"
            ],
            "State" : "Online",
            "TdbGroup" : 1,
            "TdGroup" : 0
          }
        }
      },
      {
        "_index" : "kpi",
        "_type" : "kpi",
        "_id" : "\u0002",
        "_score" : 1.0,
        "_source" : {
          "kpi" : {
            "MaxLbCapacity" : "700000",
            "NodeId" : "kishan3",
            "NodeType" : "bang",
            "OnlineCSCF" : [
              "001",
              "002"
            ],
            "State" : "Online",
            "TdLGroup" : 1,
            "TGroup" : 0
          }
        }
      }
    ]
  }
}

kish · March 2, 2018, 4:27am

And my query is

curl -XGET 'localhost:9200/_search?pretty' -H 'Content-Type: application/json' -d'
{
    "query": {
        "bool" : {
            "must" : {
                "script" : {
                    "script" : {
                        "source" : "kpi[CpuAverageLoad].value > params.param1",
                        "lang"   : "painless",
                        "params" : {
                            "param1" : 5
                        }
                    }
                }
            }
        }
    }
}'

but is falling as it is unable to find the exact source.

{
"error" : {
"root_cause" : [
{
"type" : "illegal_argument_exception",
"reason" : "[script] unknown field [source], parser not found"
}
],
"type" : "illegal_argument_exception",
"reason" : "[script] unknown field [source], parser not found"
},
"status" : 400
}

raposa · March 2, 2018, 5:21am

Your Painless syntax for accessing the field is a bit off. Replace your source with the following and it should work:

"doc['kpi.CpuAverageLoad'].value > params.param1"

kish · March 2, 2018, 6:16am

Hi,
Its still the same..
Query:

 curl -XGET 'localhost:9200/_search?pretty' -H 'Content-Type: application/json' -d'
    {
        "query": {
            "bool" : {
                "must" : {
                    "script" : {
                        "script" : {
    						"lang":   "expression",
                            "source" : "doc['kpi.CpuAverageLoad'].value * 5",
                              } } } } } }'

Error:
> {

  "error" : {
    "root_cause" : [
      {
        "type" : "illegal_argument_exception",
        "reason" : "[script] unknown field [source], parser not found"
      }
    ],
    "type" : "illegal_argument_exception",
    "reason" : "[script] unknown field [source], parser not found"
  },
  "status" : 400
}
[

raposa · March 2, 2018, 12:35pm

Ahhh...that was a different issue with your code. Make sure when you view the documentation that you select the version of the docs that matches the version of Elasticsearch you are using. The source parameter is for 6.x. Try changing source to inline:

{
    "query": {
        "bool" : {
            "must" : {
                "script" : {
                    "script" : {
                        "inline" : "doc['kpi.CpuAverageLoad'].value > params.param1",
                        "lang"   : "painless",
                        "params" : {
                            "param1" : 5
                        }
                    }
                }
            }
        }
    }
}

system · March 30, 2018, 12:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Aggregation operation on Elastic search data Elasticsearch	2	389	April 10, 2018
Elasticsearch high load average/cpu usage Elasticsearch	1	682	July 6, 2017
How to collect cpu stats for elastic nodes Elasticsearch	3	696	March 14, 2019
Avg aggregation on string values Elasticsearch	2	362	July 6, 2017
DSL Query For CPU Load (MetricBeat Data) Elasticsearch	9	1791	February 17, 2017

How to perform the mathematical operation on data from elasticsearch

Related topics