Hi guys,
I got the following use case that even with the aid of your documentation, I'm not being able to achieve. It goes like this:
Let's suppose that I have this index:
Important Note: It's oversimplified just for example sake.
So, Thru the hypothetical Painless scripting below:
I'd like to achieve the following aggregation:
Any thoughts?
You can use a scripted terms aggregation for this.
Given your data has been indexed like this:
POST _bulk
{"index" : {"_index": "my_index", "_type": "doc", "_id": "1"}}
{"category": "BUG", "user": "Peter", "description": "It's a Windows issue bla bla", "date": "2017-01-15"}
{"index" : {"_index": "my_index", "_type": "doc", "_id": "2"}}
{"category": "BUG", "user": "Peter", "description": "It's a Linux and Windows combined issue bla bla", "date": "2017-01-16"}
{"index" : {"_index": "my_index", "_type": "doc", "_id": "3"}}
{"category": "BUG", "user": "Peter", "description": "It's a Linux issue bla bla", "date": "2017-01-17"}
The following aggregation request:
GET my_index/_search
{
"size": 0,
"aggs": {
"Member": {
"terms": {
"script": {
"source": """
if (doc['description.keyword'].value =~ /.*Linux/) {
return "Type A";
}
else {
return "Type B"
}
""",
"lang": "painless"
},
"size": 10
}
}
}
}
Returns you this:
"Member": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "Type A",
"doc_count": 2
},
{
"key": "Type B",
"doc_count": 1
}
]
}
In order to use regular expressions in scripts, you will need to enable that in the elasticsearch.yml configuration file first:
script.painless.regex.enabled: true
Hi @abdon,
Sorry for the late reply and thanks for taking some time thinking of this.
You nailed what I'm after, that's awesome. But I've tried to use the following 2 Elastic interfaces and I didn't succeed. Got to be a char that I'm not scaping:
Head:
Elasticsearch toolbox:
Can you spot something I'm doing wrong?
On that, What API you use to run these aggregations?
I'm not familiar with Head or Elasticsearch toolbox. Maybe you need to escape the slashes? Maybe head does not like the string notation with the three quotes """"?
I typically use Console, the dev tool that's built into Kibana: https://www.elastic.co/guide/en/kibana/current/console-kibana.html
Just a comment. From my experience, HEAD does not work for GET with body.
You need to change the verb to POST.
As @abdon said, better to use Kibana DEV console IMO.
Hi @abdon , it worked. I only had to change "source" by "inline".
@dadoonet you are also right on the verb thing.
Thanks guys!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
