I want to count the number of buckets in an aggregation using ElasticSearch 5.6.2. My documents look like this:
"caseId": "123456",
"timestamp": "2018-02-26T12:28:30Z",
"status": "0"
The state of the last document entry determines the state of a case. My goal is to compute the number of cases in a given state. To that end, I have written the following query statement:
POST foo/foo/_search?size=0
{
"aggs": {
"caseID_termsAgg": {
"terms": {
"field": "caseId.keyword",
"size": 5,
"order": {
"_term": "desc"
}
},
"aggs": {
"latest_status": {
"max": {
"field": "status"
}
},
"topHits": {
"top_hits": {
"_source": "status",
"size": 1,
"sort": [
{
"timestamp": {
"order": "desc"
}
}
]
}
},
"top_hits_filter": {
"bucket_selector": {
"buckets_path": {
"processStatus": "latest_status"
},
"script": "params.processStatus == 1"
}
}
}
},
"sum": {
"sum_bucket": {
"buckets_path": "caseID_termsAgg._bucket_count"
}
}
}
}
I'm expecting the final aggregation of 'sum' to count the number of buckets in caseID_termsAgg. Instead what ES returns a 0 although there a multiple buckets visible in the query result. I tested replacing '_bucket_count' with 'count' and it correctly sums up the number of documents in each bucket. Can someone tell me what I'm doing wrong here? 