I am working on the kibana_sample_data_logs index. I ran the following aggregation:
GET kibana_sample_data_logs/_search?size=0
{
"query": {
"match_all": {}
},
"aggs": {
"doc_buckets_for_terms_aggregation": {
"terms": {
"field": "clientip"
},
"aggs": {
"max_bytes": {
"scripted_metric": {
"init_script": "state.max_bytes = 0L;",
"map_script": """
def current_bytes = doc['bytes'].getValue();
if (current_bytes > state.max_bytes)
{state.max_bytes = current_bytes;}
""",
"combine_script": "return state",
"reduce_script": """
def max_bytes = 0L;
for (s in states) {if (Objects.isNull(s)){max_bytes=max_bytes} else if (s.max_bytes > (max_bytes))
{max_bytes = s.max_bytes;}}
return max_bytes
"""
}
}
}
},
"max_buckets_whole_index": {
"max_bucket": {
"buckets_path": "doc_buckets_for_terms_aggregation>max_bytes"
}
}
}
}
In this snippet above, we first bucket documents on the clientip. Next we run a scripted_metric aggregation to calculate the max_bytes field for each bucket (meaning for each clientip). Finally, we calculate the max_bytes for the whole index by running the max_bucket aggregation.
But I am getting the following error:
{
"error" : {
"root_cause" : [ ],
"type" : "search_phase_execution_exception",
"reason" : "",
"phase" : "fetch",
"grouped" : true,
"failed_shards" : [ ],
"caused_by" : {
"type" : "aggregation_execution_exception",
"reason" : "buckets_path must reference either a number value or a single value numeric metric aggregation, got: [InternalScriptedMetric] at aggregation [max_bytes]"
}
},
"status" : 500
}
It seems that it is not possible for buckets_path to reference a scripted metric.... How do I change my script so that it works ? Thanks in advance...