How to use first aggregations result in second aggreagation

Elastic Stack Elasticsearch
1

Hello,

I ran a date histogram aggregation on my time series data set and got
results like

"aggregations": {
"hitsperfiveminute": {
"buckets": [
{
"key_as_string": "09/Dec/2013:16:50:00",
"key": 1386607800000,
"doc_count": 23620
},
{
"key_as_string": "09/Dec/2013:16:55:00",
"key": 1386608100000,
"doc_count": 2377
},
{
"key_as_string": "09/Dec/2013:17:00:00",
"key": 1386608400000,
"doc_count": 3995
}]}}

Now, I intend to put a range aggregation on the doc count in each bucket so
as to finally get
"aggregations": {
"hitsrange": {
"buckets": [
{
"from": 0,
"to": 10000,
"doc_count": 2
},
{
"from": 10000,
"to": 50000,
"doc_count": 1
}
]
}
}

Please help me get this operation done in a single query.

Thanks and Regards
Swarna

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/c728378e-2b46-4a9f-bac6-560bb0db5d60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

You have to add a new aggs inside the previous agg.

Something like (but with another dataset then yours):

GET person/_search
{
"size": 0,
"aggs": {
"by_year": {
"date_histogram": {
"field": "dateOfBirth",
"interval": "year"
},
"aggs": {
"by_gender": {
"terms": {
"field": "gender",
"size": 10
},
"aggs": {
"children": {
"avg": {
"field": "children"
}
}
}
}
}
}
}
}

--
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet | @elasticsearchfr

Le 27 juin 2014 à 10:12:06, Swarna M (mvswarna21@gmail.com) a écrit:

Hello,

I ran a date histogram aggregation on my time series data set and got results like

"aggregations": {
"hitsperfiveminute": {
"buckets": [
{
"key_as_string": "09/Dec/2013:16:50:00",
"key": 1386607800000,
"doc_count": 23620
},
{
"key_as_string": "09/Dec/2013:16:55:00",
"key": 1386608100000,
"doc_count": 2377
},
{
"key_as_string": "09/Dec/2013:17:00:00",
"key": 1386608400000,
"doc_count": 3995
}]}}

Now, I intend to put a range aggregation on the doc count in each bucket so as to finally get
"aggregations": {
"hitsrange": {
"buckets": [
{
"from": 0,
"to": 10000,
"doc_count": 2
},
{
"from": 10000,
"to": 50000,
"doc_count": 1
}
]
}
}

Please help me get this operation done in a single query.

Thanks and Regards
Swarna

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/c728378e-2b46-4a9f-bac6-560bb0db5d60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/etPan.53ad2912.46e87ccd.b75f%40MacBook-Air-de-David.local.
For more options, visit https://groups.google.com/d/optout.