Sorting nested aggregations painless

twierdzenie · April 5, 2024, 2:50pm

Hi,
let's say i have documents with fields: name, surname, score and timestamp;
i'm aggregating it by combination name and surname then getting last score of the day for each pair for 1 week, BUT:
i'm trying to get them results sorted by @timestamp desc for few inputs each of them is 1 week;
I can easily aggregate them and add together to get a whole month, but i can't sort them by day;
Is there any functions in painless i could use maybe in script to sort an array of maps by @timestamp field?
my sample input chain:

{
    "week_1": {
    "search": {
        "request": {
        "search_type": "query_then_fetch",
        "indices": [
            "score"
        ],
        "rest_total_hits_as_int": true,
        "body": {
            "size": 10000,
            "query": {
            "bool": {
            "must_not": [
                {
                "term": {
                    "score": -1
                }
                }
            ],
            "filter": [
                {
                "range": {
                    "@timestamp": {
                    "gte": "now-7d/d"
                    
                    }
                }
                }
            ]
            }
            },
            "aggs": {
            "names": {
                "terms": {
                "field": "name",
                "size": 10000
                },
                "aggs": {
                "surnames": {
                    "terms": {
                    "field": "surname",
                    "size": 10000
                    },
                    "aggs": {
                    "days": {
                        "date_histogram": {
                        "field": "@timestamp",
                        "calendar_interval": "day"
                        },
                        "aggs": {
                        "last_document": {
                            "top_hits": {
                            "size": 1,
                            "sort": [
                                {
                                "@timestamp": {
                                    "order": "desc"
                                }
                                }
                            ]
                            }
                        }
                        }
                    }
                    }
                }
                }
            }
            }
        }
        }
    }
    }
},
{
    "week_2": {
    "search": {
        "request": {
        "search_type": "query_then_fetch",
        "indices": [
            "score"
        ],
        "rest_total_hits_as_int": true,
        "body": {
            "query": {
            "bool": {
            "must_not": [
                {
                "term": {
                    "score": -1
                }
                }
            ],
            "filter": [
                {
                "range": {
                    "@timestamp": {
                    "gte": "now-14d/d",
                    "lt": "now-8d/d"
                    
                    }
                }
                }
            ]
            }
            },
            "aggs": {
            "names": {
                "terms": {
                "field": "name",
                "size": 10000
                },
                "aggs": {
                "surnames": {
                    "terms": {
                    "field": "surname",
                    "size": 10000
                    },
                    "aggs": {
                    "days": {
                        "date_histogram": {
                        "field": "@timestamp",
                        "calendar_interval": "day"
                        },
                        "aggs": {
                        "last_document": {
                            "top_hits": {
                            "size": 1,
                            "sort": [
                                {
                                "@timestamp": {
                                    "order": "desc"
                                }
                                }
                            ]
                            }
                        }
                        }
                    }
                    }
                }
                }
            }
            }
        }
        }
    }
    }
},
{
  "all_score": {
  "transform":{
    "script":{
    "source": """
      def docs = [];
      for (item in ctx.payload.week_2.aggregations.names.buckets){
        for (surnames in item.surnames.buckets){
          for (day in surnames.days.buckets){
            docs.add(day.last_document.hits.hits[0]);
          }
        }
      }
      for (item in ctx.payload.cvss_score_week_1.aggregations.names.buckets){
        for (surnames in item.surnames.buckets){
          for (day in surnames.days.buckets){
            docs.add(day.last_document.hits.hits[0]);
          }
        }
      }
      return docs;
    """,
    "lang": "painless"
    }
  }
  }
}

Topic		Replies	Views
Aggregation sort by timestamp Elasticsearch	1	1274	July 5, 2017
Painless access to nested objects Elasticsearch	2	3567	March 3, 2017
Querying and sorting using painless script and nested fields Elasticsearch	3	4867	October 20, 2020
How do i sorting by buckets index in nested aggregation instead doc_count? Elasticsearch	1	837	January 18, 2019
ELASTICSEARCH - Sort agg values only in most recent document Elasticsearch	3	389	October 6, 2020

Sorting nested aggregations painless

Related topics