Query to divide aggregation result by a parent value

jong99 · August 11, 2020, 12:52pm

Say I have a series of documents with an event type and a user_id. Is there an Elasticsearch pipeline aggregation that allows me to divide the count of events by the unique total users (not total users per event)? I know I can do this in timelion but trying to craft a query to do this. Any pointers?

Here is what I have so far:

{
  "aggs": {
    "event_count": {
      "terms": {
        "field": "event",
        "size": 5,
        "order": {
          "_count": "desc"
        }
      }
    },
    "num_users": {
      "cardinality": {
        "field": "user_id"
      }
    }
  },
  "size": 0
}

I want to divide each of the event_count values by num_users. Is that possible? I've tried a bucket script aggregation but not sure how I would work the paths out.

Hope I have explained that clearly enough! Thanks

jong99 · August 11, 2020, 4:14pm

Just been looking at the documentation for bucket scripts, which says:

the path cannot go back "up" the aggregation tree.

So I definitely can't place a bucket script inside event_count as I need access to num_users above it. But I can't place one next to num_users as I need to do this for all values in the event_count array.

Is this just not possible using Elasticsearch?

system · September 8, 2020, 4:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dividing buckets values Elasticsearch	3	418	October 20, 2022
Subtract two doc counts from one another Elasticsearch	2	1744	July 5, 2017
Bucket_script aggregation on filters aggegation over nested documents Elasticsearch	1	383	May 8, 2020
How do I use doc_count in an aggregations range query in ElasticSearch 1.0? Elasticsearch	1	329	July 6, 2017
Performing aggregations per child Elasticsearch	3	418	July 5, 2017

Query to divide aggregation result by a parent value

Related topics