Terms aggregation not working for nested fields

sruthi · October 12, 2016, 11:05am

I have created an index with the mapping like

  "mappings": {
  "event":{
      "properties": {
        "payload":{
        "type":"nested",
        "properties":{
        "serviceName": {
          "type": "string",
          "index": "not_analyzed"
        }....}

I am trying the below query. It returns null buckets always. If I am changing the field to be analyzed, it works but service name is split.

{
  "size" : 0,
  "aggs" : {
    "services" : {
        "terms" : {
            "field" : "payload.serviceName" 
        }
    }
  }
}

How to fix this?

jpountz · October 14, 2016, 2:29pm

Since your mappings have a nested field, you need to use the nested aggregation.

{
  "size" : 0,
  "aggs" : {
   "payloads": {
      "nested": {
        "path": "payloads"
      },
      "aggs": {
        "services" : {
          "terms" : {
            "field" : "payload.serviceName" 
          }
        }
      }
    }
  }
}