Terms aggregation not working for nested fields

sruthi · October 12, 2016, 11:05am

I have created an index with the mapping like

  "mappings": {
  "event":{
      "properties": {
        "payload":{
        "type":"nested",
        "properties":{
        "serviceName": {
          "type": "string",
          "index": "not_analyzed"
        }....}

I am trying the below query. It returns null buckets always. If I am changing the field to be analyzed, it works but service name is split.

{
  "size" : 0,
  "aggs" : {
    "services" : {
        "terms" : {
            "field" : "payload.serviceName" 
        }
    }
  }
}

How to fix this?

jpountz · October 14, 2016, 2:29pm

Since your mappings have a nested field, you need to use the nested aggregation.

{
  "size" : 0,
  "aggs" : {
   "payloads": {
      "nested": {
        "path": "payloads"
      },
      "aggs": {
        "services" : {
          "terms" : {
            "field" : "payload.serviceName" 
          }
        }
      }
    }
  }
}

Topic		Replies	Views
Terms aggregation not working for a specific field Elasticsearch	3	7180	July 13, 2017
Can't get empty buckets with nested, terms aggregation Elasticsearch	1	1054	July 5, 2017
How to aggregate nested fields with null values? Elasticsearch	2	1181	October 13, 2019
Empty buckets for filtered nested aggregation in 5.0 version Elasticsearch	1	562	December 15, 2016
Not_analyzed impact on terms aggregations Elasticsearch	2	929	July 5, 2017

Terms aggregation not working for nested fields

Related topics