Hi, I am looking for a review of my aggregate query below. Any feedback would be great, as I am pretty new to Elasticsearch.
I have an index like:
Email(parent) {senderIp:ipadd, RecieptCount:num, Join:{Campaign}}
Campaign (child) { Name:string,parentkey}.
Now the requirement is to apply a filter on email, group by email received time, then group by campaign name, and get the sum of receipts in each campaign.
e.g.
ReceivedTime:{Bucket:[key: "10-1-2020", value:{
Bucket:[{
key:Camp1,
receiptCount:100},
{key:camp2,receiptCount:1}]}]
Now I am applying the aggregate below and would like to understand the performance considerations and whether there is any other way around.
{
  "summarizeByDateAggregate": {
    "date_histogram": {
      "field": "ReceivedTime",
      "interval": "1h"
    },
    "aggs": {
      "summarizeByCampaign": {
        "children": {
          "type": "campaigndata"
        },
        "aggs": {
          "summarizeByCampaignType": {
            "terms": {
              "field": "CampaignName",
              "size": 20,
              "shard_size": 60
            },
            "aggs": {
              "parentAggregate": {
                "parent": {
                  "type": "campaigndata"
                },
                "aggs": {
                  "recipientCountAgg": {
                    "sum": {
                      "field": "RecipientsCount"
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
Once I apply the children aggregate, I need to go for the parent aggregate, as I want to apply the sum on the parent (otherwise it's not recognizing Receipt Count, which kind of makes sense because then it's only looking into the current document).
My understanding is that it should not be a big performance issue, as Elastic will only be doing bucketing on documents and fetching is already done.