Hi,
I'm using Elastic 6.0.0.
Using aggregations for the first time and I'm having some trouble with it.
My documents look something like this:
{
...
"name" : "myname" (string),
"result_count": 1234 (number)
...
}
I'm getting results for multiple names each second.
What I want to achieve is to be able to decide for each name if the result count is low lately relative to the average.
So I wanted to have the average per minute per name, and compare it to the average for this name across the last say 24 hours.
I did the following:
TermsAggregationBuilder termsAggregationBuilder = AggregationBuilders.terms("agg1").field("name.keyword").size(1000)
.subAggregation(new DateHistogramAggregationBuilder("dateAgg")
.dateHistogramInterval(DateHistogramInterval.MINUTE)
.field("datetime")
.subAggregation(AggregationBuilders.avg("agg2").field("result-count")))
.subAggregation(new ExtendedStatsAggregationBuilder("stats").field("result-count"));
So since "name" is a string I can't use it for the aggregation so I'm using the "keyword" of it.
However when I get the response then I only see the keyword which is a bunch of hex values and the keyAsString is null,
I would like to understand how do I see the name itself i.e. the String that belongs to the same keyword?
And any comment on what I'm doing will be more than welcome.
Thanks
Shira