Kibana range agg. show wired result

Hyojoung_Shin · December 9, 2018, 2:57pm

Hi!
I used sample data(kibana_sample_data_ecommerce) to study functions.

Range query agg. shows something wired result and I could not understand it.

I hope someone gives me a clue to understand result.

Total number of documents is 4,675.
When I apply range agg. total number of documents is 4,672+275 which is exceed 4,675.

Here is request and result.

request

{
  "aggs": {
    "2": {
      "range": {
        "field": "products.base_price",
        "ranges": [
          {
            "from": 0,
            "to": 100
          },
          {
            "from": 100,
            "to": 400
          }
        ],
        "keyed": true
      }
    }
  },
  "size": 0,
  "_source": {
    "excludes": []
  },
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "customer_birth_date",
      "format": "date_time"
    },
    {
      "field": "order_date",
      "format": "date_time"
    },
    {
      "field": "products.created_on",
      "format": "date_time"
    }
  ],
  "query": {
    "bool": {
      "must": [
        {
          "match_all": {}
        },
        {
          "range": {
            "order_date": {
              "gte": 1514732400000,
              "lte": 1546268399999,
              "format": "epoch_millis"
            }
          }
        }
      ],
      "filter": [],
      "should": [],
      "must_not": []
    }
  }
}

result

{
  "took": 0,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 4675,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "2": {
      "buckets": {
        "0.0-100.0": {
          "from": 0,
          "to": 100,
          "doc_count": 4672
        },
        "100.0-400.0": {
          "from": 100,
          "to": 400,
          "doc_count": 275
        }
      }
    }
  },
  "status": 200
}

I could not understand the result. total hits is 4675 but sum of agg. bucket is exceed total hits.
Is it right behavior of range agg.?

Thanks.
HJ Shin.

bryan_stuhlsatz · December 9, 2018, 5:45pm

This is expected. You are making an assumption that each record contains 1 item purchased. Not the case. Some documents contain multiple items (purchases). So your range query is picking up multiple documents. You can have a high priced item and a low priced item show up in the same document, and therefore be counted in your low range and higher range. To prove, change your range from 0-10,000 dollars. You now have a complete document set because all the docs fall into that price range.

Make sense?

Hyojoung_Shin · December 10, 2018, 4:04am

Thanks Bryan!

You gave me a very clear answer.

Thank you so much.

system · January 7, 2019, 4:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.