Return a different field than the aggregated field

clofresh · August 28, 2015, 10:35pm

Hi,

Given documents that look like this:

[
  {
    id: 10,
    aggregation_key: "foo",
    timestamp: "2015-08-28"
  },
  {
    id: 20,
    aggregation_key: "foo",
    timestamp: "2015-08-27"
  },
  {
    id: 30,
    aggregation_key: "bar",
    timestamp: "2015-08-25"
  },
]

Can someone tell me if this is possible with the aggregation api:

I want to group documents together by aggregation_key, and for each set of documents with the same aggregation_key, output the id of the latest document.

So for the above example, it'd return something like:

[
  {
    "foo": 10,
    "bar": 30
  }
]

.Carlo

polyfractal · August 28, 2015, 10:59pm

You can do that with a top_hits embedded inside of a terms:

{
    "aggs": {
        "keys": {
            "terms": {
                "field": "aggregation_key"
            },
            "aggs": {
                "top_id": {
                    "top_hits": {
                        "sort": [
                            { "id": { "order": "desc" } }
                        ],
                        "_source": {
                            "include": [ "id" ]
                        },
                        "size" : 1
                    }
                }
            }
        }
    }
}

clofresh · August 29, 2015, 1:59pm

That's exactly what I was looking for, thanks!