Using field results from main filter as input for 'has_child' filter (opening github issue?)


(Sven Beauprez) #1

Hi,

I have the following use case for which I can't find an immediate solution right
now.

Use case:
I have a parent-child relationship where the parent represents a device and
the child a module (e.g. a sensor) on a device. One device can have many modules
of a certain type, e.g. 'motion', 'temperature',.... Parents are quite
static, but the module sends monitoring data on a regular basis to
elasticsearch. I need to find the modules (module types) that are not
responsive, i.e. modules that did not send monitoring data between now and
now - t.

What I have:
With the query below, I can find devices where ALL of the modules are
unresponsive, but as soon as 1 module is responsive, even if the others are
unresponsive, the device is said to be responsive.

What I need:
I need to find the devices that have at least 1 module that is unresponsive.

Possible solution:
Aggregate on module types, then for each module type execute the filter as
shown below AND give that module type to the has_parent -> has_child filter
as an 'and' construct with the range filter.

Is this possible as is or is there another way to solve this? Do I need to
create an issue to add this?

regards,

Sven

POST /devices-v1/module/_search?pretty=true
{
  "size": 0,
  "query": {
    "filtered": {
      "query": {
        "match_all": {}
      }
    }
  },
  "aggs": {
    "unresponsive": {
      "filter": {
        "and": [
          {
            "range": {
              "_timestamp": {
                "lt": "now-25m"
              }
            }
          },
          {
            "not": {
              "has_parent": {
                "type": "device",
                "filter": {
                  "has_child": {
                    "type": "module",
                    "filter": {
                      "range": {
                        "_timestamp": {
                          "gte": "now-25m"
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        ]
      },
      "aggs": {
        "modules": {
          "terms": {
            "script": "doc['_parent'].value + '|' + doc['mod_id'].value",
            "size": 1000000000,
            "order": {
              "_term": "asc"
            }
          }
        }
      }
    }
  }
}

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3e3f1074-c283-4a86-acfa-9d443bc5db02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Binh Ly-2) #2

I'd like to give this a try. Can you please post a recreation (maybe gist)
of a bunch of sample parent and child documents and how you want the
results returned exactly? Thanks.



(Sven Beauprez) #3

Hi,

Thanks for looking at this! Here is the
gist: https://gist.github.com/sbeaupre/10466363

How to test:

  1. create schema (first 2 items in gist)
  2. create devices (the PUT commands on the devices/device)
  3. create module events (the PUT commands on the devices/module)
    4.a execute the search
    --> there are no unresponsive devices now
    4.b wait one minute (or adapt the search)
    --> all devices are unresponsive now
    4.c choose exactly one of the previously executed module events and execute
    it again; remember the parent device of the module
    4.d execute the search again
    --> the parent device is not listed again, while the other module has
    not sent an event to ES search, meaning it is unresponsive within the time
    constraints from the search

The question now is how to still get the device in the list of unresponsive
devices. Only when all the modules are responsive it must not be shown in
the list.

thnx!

regards,

Sven

On Thursday, April 10, 2014 3:50:57 PM UTC+2, Binh Ly wrote:

I'd like to give this a try. Can you please post a recreation (maybe gist)
of a bunch of sample parent and child documents and how you want the
results returned exactly? Thanks.
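
An added example, not part of the original thread: a small in-memory Python model of steps 4.a to 4.d, comparing the logic of the posted filter with a per-module staleness check. It assumes one document per module whose timestamp is overwritten when the event is sent again; the device and module names are constructed.

```python
from datetime import datetime, timedelta

def make_events(t0):
    # Constructed sample data: last event time per (device, mod_id).
    # Assumption: re-sending a module event overwrites its document.
    return {
        ("dev1", "motion"): t0,
        ("dev1", "temperature"): t0,
        ("dev2", "motion"): t0,
    }

def stale_modules(events, now, window):
    """Modules whose last event is older than now - window."""
    cutoff = now - window
    return {key for key, ts in events.items() if ts < cutoff}

def posted_filter(events, now, window):
    """Model of the posted filter: stale module AND NOT
    (parent device has any child with a recent event)."""
    cutoff = now - window
    live_devices = {dev for (dev, _), ts in events.items() if ts >= cutoff}
    stale = stale_modules(events, now, window)
    return {key for key in stale if key[0] not in live_devices}

def devices_of(modules):
    return sorted({dev for dev, _ in modules})

def run_scenario():
    window = timedelta(minutes=25)
    t0 = datetime(2014, 4, 11, 12, 0)
    events = make_events(t0)
    results = {}
    # 4.a: search right away, nothing is unresponsive yet
    results["4a"] = devices_of(posted_filter(events, t0, window))
    # 4.b: search after the window has passed, every device is listed
    later = t0 + timedelta(minutes=26)
    results["4b"] = devices_of(posted_filter(events, later, window))
    # 4.c: exactly one module of dev1 reports again
    events[("dev1", "motion")] = later
    # 4.d: the posted filter drops dev1; the per-module check keeps it
    results["4d_posted"] = devices_of(posted_filter(events, later, window))
    results["4d_per_module"] = sorted(stale_modules(events, later, window))
    return results

if __name__ == "__main__":
    for step, value in run_scenario().items():
        print(step, value)
```
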



(Sven Beauprez) #4

Hi Binh Ly,

Any chance you could have a look at this?
There is a post about scripting & parent/child relationships that might be
useful:
https://groups.google.com/d/topic/elasticsearch/cZaK0R-UmHw/discussion but
as far as I know that is not possible at the moment

Thnx!

regards,

Sven

On Friday, April 11, 2014 3:01:17 PM UTC+2, Sven Beauprez wrote:

Hi,

Thanks for looking at this! Here is the gist:
https://gist.github.com/sbeaupre/10466363

How to test:

  1. create schema (first 2 items in gist)
  2. create devices (the PUT commands on the devices/device)
  3. create module events (the PUT commands on the devices/module)
    4.a execute the search
    --> there are no unresponsive devices now
    4.b wait one minute (or adapt the search)
    --> all devices are unresponsive now
    4.c choose exactly one of the previously executed module events and execute
    it again; remember the parent device of the module
    4.d execute the search again
    --> the parent device is not listed again, while the other module has
    not sent an event to ES search, meaning it is unresponsive within the time
    constraints from the search

The question now is how to still get the device in the list of
unresponsive devices. Only when all the modules are responsive it must not
be shown in the list.

thnx!

regards,

Sven
