Sum aggregation on distinct values of field

Elastic Stack Elasticsearch
1

Hi,

I want to make a query that returns my wanted documents. from those documents i need to sum aggregate

field1

on all the distinct values of

field2

small example:

i have index that has 500 documents with fields

download

and

application

now ill try to describe the result im looking for:

total_docs_in_index: 500

total_search_hit: 10

sum_agg:
application: twitter : {hits: 3 ,download : 123456}
( this will show 2 aggregations, first, how many documents with twitter as their application there is and secondly is the sum of all download field of these documents)
application: wahtsapp: {hits: 3, download: 6789}
application: facebook:{hits: 4, download: 90123}

is it possible?

I find it easy to aggregate each field by itself ( normal aggregation to see how many application: twitter in my query documents, or sum aggregation on the download field) but i cant seem to be able to combine the 2.

Thanks in advance.

P.S - the "result" i wrote is fictional to try and better describe what i need, i just need to know how to do that complex aggregation, all the rest can be the default response of elasticsearch

2

I'm not positive I understood what you're after, but I think this is it:

GET _search
{
  "aggs": {
    "application": {
      "terms": {
        "field": "application",
        "size": 10
      },
      "aggs": {
        "num_downloads": {
          "sum": {
            "field": "download"
          }
        }
      }
    }
  }
}

That will give you a bucket-per-application, and inside each bucket it'll tally up the sum of the download field of all documents that have the particular application.

1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.