Problems with min_doc_count

klubbe · September 28, 2017, 12:26pm

I'm making a visualization with the Kibana tool and it keeps giving me an error, but I don't understand why.
What I'm trying to do is removing rows which gets 0 from the count aggregation. i have tried adding the min_doc_count to the other aggregations too, and although it doesn't give me an error when they are placed there, the rows which gets 0 from the count aggregation are not filtered away.

Here is the query:

{
"title": "Switch CRC or Duplex error",
"type": "table",
"params": {
"perPage": 10,
"showPartialRows": false,
"showMeticsAtAllLevels": false,
"sort": {
"columnIndex": null,
"direction": null
},
"showTotal": false,
"totalFunc": "sum"
},
"aggs": [
{
"id": "1",
"enabled": true,
"type": "count",
"schema": "metric",
"params": {
"json": "",
"customLabel": ""
}
},
{
"id": "3",
"enabled": true,
"type": "filters",
"schema": "bucket",
"params": {
"filters": [
{
"input": {
"query": {
"query_string": {
"query": "syslog_message: CRC",
"analyze_wildcard": true
}
}
},
"label": "CRC Allignment error"
},
{
"input": {
"query": {
"query_string": {
"query": "syslog_message: (Duplex AND Mismatch)",
"analyze_wildcard": true
}
}
},
"label": "Speed Duplex error"
}
],
"json": "{ "min_doc_count":1}"
}
},
{
"id": "4",
"enabled": true,
"type": "date_histogram",
"schema": "bucket",
"params": {
"field": "received_at",
"interval": "d",
"customInterval": "2h",
"min_doc_count": 1,
"extended_bounds": {},
"json": "",
"customLabel": ""
}
},
{
"id": "2",
"enabled": true,
"type": "terms",
"schema": "bucket",
"params": {
"field": "host.keyword",
"exclude": {
"pattern": ""
},
"size": 5,
"order": "desc",
"orderBy": "_term"
}
}
],
"listeners": {}
}

And it gives me this error:

Error: [parsing_exception] Unknown key for a VALUE_NUMBER in [3]: [min_doc_count]., with { line=1 col=462 }

What am I doing wrong?

rashmi · September 28, 2017, 7:27pm

Filter aggregation does not support min_doc_count. You could check out https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket.html

You could do a terms aggregation may be to achieve this. Do let us know. We got the same error what you got when min_doc_count was used. Also which version of ES/Kibana you are using helps.

Thanks
Rashmi

klubbe · September 29, 2017, 6:29am

We are using "Version 5.0.2"

What I did to solve this was to use the term aggregation to add the field I was filtering the values from. Then I filtered the entire visualization with this ahndy little query.

{
"query": {
"query_string": {
"default_field": "syslog_message",
"query": ""CRC" OR "Duplex"",
"analyze_wildcard": true
}
}
}

With this you can query for as many values as youd like.

Hope this helps somebody else.

system · October 27, 2017, 6:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
{"min_doc_count"} on Unique Count aggregation Kibana	2	3150	May 1, 2019
Simple metric with count not respecting min_doc_count parameter Kibana	3	938	September 28, 2017
Min_doc_count for data table filter aggregation Elasticsearch	1	420	November 18, 2020
Min docs count when using other aggregations Kibana	4	361	March 28, 2019
Something like min_doc_count, but for maximum document count Kibana	3	1918	February 4, 2019

Problems with min_doc_count

Related topics