How to return multiple fields in a max aggregation

Motez_Musa · June 13, 2018, 6:46pm

I have this aggregation:

{
  "query": {
    "range": {
      "time_stamp": {
        "lt": "now",
        "gte": "now-1d"
      }
    }
  },
  "size": 0,
  "aggs": {
    "events_by_host": {
      "terms": {
        "field": "cell_host_the_app"
      },
      "aggs": {
        "events_by_date": {
          "date_histogram": {
            "field": "time_stamp",
            "interval": "30m"
          },
          "aggs": {
            "total_cpu": {
              "sum": {
                "field": "cpu_usgae_percentage"
              }
            },
            "max_cpu": {
              "max": {
                "field": "cpu_usgae_percentage"
              }
            }
          }
        },
        "max_aggregated_cpu": {
          "max_bucket": {
            "buckets_path": "events_by_date>total_cpu"
          }
        }
      }
    }
  }
}

I'm trying to figure out a way to return another field (called app_name) from the max_cpu sub aggregation that is performed. Is this possible?

system · July 11, 2018, 6:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to return more than one field in a result of aggregations Elasticsearch	3	6499	July 5, 2017
Return multiple fields when performing aggregations Elasticsearch	1	442	February 25, 2021
Is there any way to get more than one field from an aggregation? Elasticsearch	5	374	February 9, 2022
Help with sum and max query Elasticsearch	7	3926	November 8, 2017
[Elasticsearch 5.4.x] Return additional data when using aggregations? Elasticsearch	3	617	January 26, 2018

How to return multiple fields in a max aggregation

Related topics