How to sum bucket aggregations in ranges

tahseen_fatima · January 29, 2021, 6:53am

Hi,

I have a ELK setup of 7.10.0v.
I have created one data-table with sum of brokerage, Unique count of Client_id and so on, now in the bucket I want to do the ranges on sum of brokerage. How can I take sum of brokerage in Range bucket of data table.

PFA for reference I have highlighted the columns of brokerage.

Kindly help,
Tahseen

tahseen_fatima · January 29, 2021, 10:39am

Hi,

My data table query looks like this.

{
  "aggs": {
    "3": {
      "range": {
        "field": "brk_amt",
        "ranges": [
          {
            "from": 0,
            "to": 199
          },
          {
            "from": 200,
            "to": 499
          },
          {
            "from": 500
          }
        ],
        "keyed": true
      },
      "aggs": {
        "1": {
          "cardinality": {
            "field": "ent_id.keyword"
          }
        },
        "4": {
          "sum": {
            "field": "brk_amt"
          }
        }
      }
    }
  },
  "size": 0,
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "@timestamp",
      "format": "date_time"
    },
    {
      "field": "creat_dt",
      "format": "date_time"
    },
    {
      "field": "ent_dob",
      "format": "date_time"
    },
    {
      "field": "long_trade_date",
      "format": "date_time"
    },
    {
      "field": "mapping_date",
      "format": "date_time"
    },
    {
      "field": "trade_date",
      "format": "date_time"
    }
  ],
  "_source": {
    "excludes": []
  },
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_all": {}
        },
        {
          "range": {
            "trade_date": {
              "gte": "2020-12-30T10:22:14.664Z",
              "lte": "2021-01-29T10:22:14.664Z",
              "format": "strict_date_optional_time"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  }
}

In this I query it is taking the range of "brk_amt", but in my case I want to take the range on sum of brk_amt.

Please help to find a solution.

Regards,
Tahseen

afharo · February 1, 2021, 3:23pm

Hi @tahseen_fatima,

I understand from your question that you want to first sum the Brokerage, and then group them by ranges?

AFAIK, that kind of filter aggregation (Ranges) after a metric (Sum) is not supported by the core visualizations in Kibana. You might be able to achieve what you're after with Vega and their advanced usage.

Question aside: what would be the key to break your visualization for? AFAIK, if there's no initial group by key, you'll only get 1 row in your table, won't you?

system · March 1, 2021, 3:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.