Query to divide aggregation result by a parent value

jong99 · August 11, 2020, 12:52pm

Say I have a series of documents with an event type and a user_id. Is there an Elasticsearch pipeline aggregation that allows me to divide the count of events by the unique total users (not total users per event)? I know I can do this in timelion but trying to craft a query to do this. Any pointers?

Here is what I have so far:

{
  "aggs": {
    "event_count": {
      "terms": {
        "field": "event",
        "size": 5,
        "order": {
          "_count": "desc"
        }
      }
    },
    "num_users": {
      "cardinality": {
        "field": "user_id"
      }
    }
  },
  "size": 0
}

I want to divide each of the event_count values by num_users. Is that possible? I've tried a bucket script aggregation but not sure how I would work the paths out.

Hope I have explained that clearly enough! Thanks

jong99 · August 11, 2020, 4:14pm

Just been looking at the documentation for bucket scripts, which says:

the path cannot go back "up" the aggregation tree.

So I definitely can't place a bucket script inside event_count as I need access to num_users above it. But I can't place one next to num_users as I need to do this for all values in the event_count array.

Is this just not possible using Elasticsearch?

system · September 8, 2020, 4:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.