Update by script with aggregated values

Hi,

I could not find this in the documentation, only a closed ticket (Updating source with aggregation values).

The task would be:
get min of field_a by customer and device and add those min values to each queried document.
In the end each doc should have a field
min_value_of_A_for_customer_and_device_over_target_time
and
min_value_of_A_for_customer_over_target_time

I can query the information (as shown below), but I'm not sure if I can feed it back easily.

GET live-*/_search?size=0
{
  "query": {
    "bool": {
      "must": {
        "range": {
          "field_a": {
            "gte": 25.0
          }
        }
      }, 
      "filter": {
        "range": {
          "@timestamp": {
            "gte": "now-2M",
            "lte": "now"
          }
        }
      }
    }
  },
  "aggs": {
    "customers_terms": {
      "terms": {
        "field": "customer.keyword",
        "size": 10
      },
      "aggs": {
        "min_field_a_of_customer": {
          "min": {
            "field": "field_a"
          }
        },
        "devices_terms": {
          "terms": {
            "field": "device.keyword",
            "size": 99
          },
          "aggs": {
            "min_field_a": {
              "min": {
                "field": "field_a"
              }
            }
          }
        },
        "avg_field_a_over_devices": {
          "avg_bucket": {
            "buckets_path": "devices_terms>min_field_a"
          }
        }
      }
    }
  }
}

Thanks!

Can anyone answer this? Is it possible, or do I have to query this from some client and then run separate logic to update?

As far as I'm aware update/reindex scripts only have access to local data (the document being looked at), so you'd indeed need to use an external client.
Not 100% certain though, so if someone else knows of magic tricks I don't...
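
The external-client approach described in the reply above, as an added example (not code from the thread or from Elastic): it turns the response of the aggregation in the question into one `_update_by_query` body per (customer, device) bucket. The function name `build_updates` and the sample response are assumptions constructed for illustration.

```python
import json

# Same filters as the search in the question, so only the documents that fed
# the aggregation are updated.
BASE_FILTERS = [
    {"range": {"field_a": {"gte": 25.0}}},
    {"range": {"@timestamp": {"gte": "now-2M", "lte": "now"}}},
]
# Values are passed via "params", never concatenated into the script source.
SCRIPT = (
    "ctx._source.min_value_of_A_for_customer_and_device_over_target_time = params.dev_min;"
    " ctx._source.min_value_of_A_for_customer_over_target_time = params.cust_min"
)


def build_updates(search_response, filters=BASE_FILTERS):
    """Build one _update_by_query body per (customer, device) bucket."""
    customers = search_response["aggregations"]["customers_terms"]
    # Terms aggregations are cut off at "size"; refuse to write partial results.
    if customers.get("sum_other_doc_count", 0) > 0:
        raise ValueError("customer buckets truncated; raise the terms size")
    updates = []
    for cust in customers["buckets"]:
        devices = cust["devices_terms"]
        if devices.get("sum_other_doc_count", 0) > 0:
            raise ValueError(f"device buckets truncated for {cust['key']}")
        for dev in devices["buckets"]:
            params = {"dev_min": dev["min_field_a"]["value"],
                      "cust_min": cust["min_field_a_of_customer"]["value"]}
            terms = [{"term": {"customer.keyword": cust["key"]}},
                     {"term": {"device.keyword": dev["key"]}}]
            updates.append({
                "query": {"bool": {"filter": filters + terms}},
                "script": {"lang": "painless", "source": SCRIPT, "params": params},
            })
    return updates


# Constructed sample response, trimmed to the fields used above.
SAMPLE = {"aggregations": {"customers_terms": {"sum_other_doc_count": 0, "buckets": [
    {"key": "acme", "min_field_a_of_customer": {"value": 25.5},
     "devices_terms": {"sum_other_doc_count": 0, "buckets": [
         {"key": "dev-1", "min_field_a": {"value": 25.5}},
         {"key": "dev-2", "min_field_a": {"value": 31.0}}]}}]}}}

if __name__ == "__main__":
    for body in build_updates(SAMPLE):
        print("POST live-*/_update_by_query")
        print(json.dumps(body, indent=2))
```

Each body is sent as the payload of `POST live-*/_update_by_query`. Because `now-2M` is resolved again when the update runs, pin absolute timestamps in both requests if the two windows must match exactly.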

Maybe an Elastic member will read this and give me at least a clear no on the topic.

I agree with this.

The only job that creates data from aggs is the Rollup API. https://www.elastic.co/guide/en/elasticsearch/reference/current/xpack-rollup.html

But I don't think that's what you want @Bastian_Jager.
