Hi,
We are trying to implement the aggregate query in Logstash using the Elasticsearch input plugin and have the following in our input portion of the Logstash configuration:
input {
  elasticsearch {
    hosts => "<host>"
    user => "<username>"
    password => "<password>"
    index => "students"
    query => '{
      "query" : {
        "constant_score" : {
          "filter" : {
            "match" : { "name" : "Vinoth" }
          }
        }
      },
      "size": 0,
      "aggs": {
        "Vinoth_avg_marks": {
          "avg" : { "field" : "mark" }
        }
      }
    }'
    size => 100
    scroll => "100m"
    docinfo => true
    #add_field => {"Vinoth_avg_marks" => "%{[aggs][Vinoth_avg_marks][value]}"}
  }
}
We want to find the average scores of the person "Vinoth". When we tried to implement this in the Kibana Dev Tools, we were getting the correct result. However, the result was only achieved in the "aggregations" object. We noticed that Logstash only returns the contents of the "hits" object. Is it possible to return the contents of the "aggregations" object as well? If so, how? This question has also been raised here: Aggregation Query possible input ES plugin.
A response will be much appreciated. Thanks in advance.
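Added example, not part of the original post and not Logstash plugin code: a Python sketch of the response shape the post describes, showing that a `"size": 0` search leaves `hits.hits` empty while the average sits under `aggregations`. The sample response and the helper names `events_from_hits` and `flatten_aggregations` are constructed for illustration; the flattener also handles bucket aggregations, which goes beyond the single `avg` in the post.

```python
import json

# Constructed sample: the shape of a _search response to the query in the
# post ("size": 0 plus an "avg" aggregation). The number is made up.
SAMPLE_RESPONSE = json.loads("""
{
  "timed_out": false,
  "hits": {"hits": []},
  "aggregations": {"Vinoth_avg_marks": {"value": 82.5}}
}
""")


def events_from_hits(response):
    """One event per document in hits.hits, the behaviour the post observed."""
    return [dict(hit.get("_source", {})) for hit in response["hits"]["hits"]]


def flatten_aggregations(aggs, prefix=""):
    """Walk an "aggregations" object and return {dotted.path: value}.

    Covers single-value metrics ({"value": x}) and bucket aggregations
    ({"buckets": [...]} or keyed buckets) with nested sub-aggregations.
    """
    flat = {}
    for name, body in aggs.items():
        path = f"{prefix}{name}"
        if "value" in body:
            flat[path] = body["value"]
        buckets = body.get("buckets", [])
        if isinstance(buckets, dict):  # keyed buckets, e.g. a "filters" agg
            buckets = [dict(b, key=k) for k, b in buckets.items()]
        for bucket in buckets:
            key = bucket.get("key_as_string", bucket.get("key"))
            flat[f"{path}.{key}.doc_count"] = bucket["doc_count"]
            # Any dict-valued entry other than "key" is a sub-aggregation.
            subs = {k: v for k, v in bucket.items()
                    if isinstance(v, dict) and k != "key"}
            flat.update(flatten_aggregations(subs, f"{path}.{key}."))
    return flat


if __name__ == "__main__":
    print("events from hits:", events_from_hits(SAMPLE_RESPONSE))
    print("aggregation fields:",
          flatten_aggregations(SAMPLE_RESPONSE["aggregations"]))
```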