Hi,
I am trying to create an index action and push the aggregated result back into Elasticsearch, much like this post.
Below is the Painless script that I wrote for this purpose. Once I run this watch, I am getting all the aggregation results in 1 document instead of getting 1 document for each count or bucket.
Script:
"transform": {
  "script": {
    "lang": "painless",
    "inline": "ctx.payload._doc = []; def myfield = 'abc'; def count = 'abc'; def execution_time = 'abc'; for(item in ctx.payload.aggregations.filter_by_myfield.buckets.entrySet()) { def document = [ 'myfield' : item.getKey(), 'count' : item.getValue().doc_count, 'execution_time' : ctx.execution_time ]; ctx.payload._doc.add(document);} return ctx.payload._doc; "
  }
}
The result is something like this in Kibana (only 1 document):
"_source": {
  "_value": [
    {
      "count": 29,
      "myfield": "VALUE_1523",
      "execution_time": "2017-05-31T19:39:38.466Z"
    },
    {
      "count": 52,
      "dnis": "VALUE_1010",
      "execution_time": "2017-05-31T19:39:38.466Z"
    }
  ]
},
I have gone through this doc, where it says if _doc is an array, it is split into multiple documents. I did the same, but still the _value field is getting all the aggregation results in 1 document.
I also tried _doc instead of ctx.payload._doc, but no success.
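
An added example, not part of the original post: a Watcher script transform that returns a list (rather than a map) has its return value stored under a `_value` key in the new payload, which matches the `_source` shown above. The variant below returns a map whose `_doc` key holds the list, so the index action can see `_doc` as an array; it reuses the aggregation name and field names from the post and assumes the same keyed `buckets` structure.

```json
{
  "transform": {
    "script": {
      "lang": "painless",
      "inline": "def docs = []; for (item in ctx.payload.aggregations.filter_by_myfield.buckets.entrySet()) { docs.add(['myfield': item.getKey(), 'count': item.getValue().doc_count, 'execution_time': ctx.execution_time]); } /* return a Map so the payload keeps a top-level _doc key; a non-Map return value ends up under _value */ return ['_doc': docs];"
    }
  }
}
```

Running the watch through the execute API and inspecting the transformed payload in the response shows whether `_doc` is a top-level array before anything is indexed.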