ege
December 10, 2020, 1:11pm
1
Consider the below response for an Elasticsearch query.
"aggregations" : {
"terms" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "1",
"doc_count" : 3,
"top_status_hits" : {
"hits" : {
"total" : {
"value" : 3,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : "demo-index",
"_type" : "_doc",
"_id" : "2L2JR3YBsgdxC8Q2whgP",
"_score" : null,
"_source" : {
"Status" : "end",
"ID" : "1"
},
"sort" : [
"end"
]
}
]
}
}
}
]
}
}
How can I access the Status and ID fields in a Vega code? I tried doing it like below without any success.
"format": {"property": "aggregations.terms.buckets"},
"transform": [
{
"type": "flatten",
"fields": ["top_status_hits.hits.hits"],
"as": ["data"]
},
{"type": "pie", "field": "data._source.Status"}
]
Any suggestions?
Untested. Try
"format": {"property": "aggregations.terms.buckets. top_status_hits.hit.hits"},
Then use the below to access them
_source.Status_source.ID
ege
December 10, 2020, 1:58pm
3
Hi @aaron-nimocks , thanks for the reply.
I tried what you said, but, it gives the following error.
This one is special because you have an array within an array. Not sure I've done that before.
Using the Vega Editor I was getting close but couldn't get inside that 2nd array yet. If I have time I will come back to it later today.
Possible to change your query to only return a single array or to narrow down the results you need?
{
"$schema": "https://vega.github.io/schema/vega/v5.json",
"data": [
{
"name": "table",
"values": {
"aggregations": {
"terms": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "1",
"doc_count": 3,
"top_status_hits": {
"hits": {
"total": {"value": 3, "relation": "eq"},
"max_score": null,
"hits": [
{
"_index": "demo-index",
"_type": "_doc",
"_id": "2L2JR3YBsgdxC8Q2whgP",
"_score": null,
"_source": {"Status": "end", "ID": "1"},
"sort": ["end"]
}
]
}
}
}
]
}
}
},
"format": {"property": "aggregations.terms.buckets"},
"transform": [
{
"type": "formula",
"as": "data",
"expr": "datum.top_status_hits.hits.hits"
}
]
}
],
"marks": [
{
"type": "text",
"from": {"data": "table"},
"encode": {
"enter": {
"fill": {"value": "#000"},
"text": {"field": "doc_count"},
"x": {"value": 10},
"y": {"value": 10}
}
}
}
]
}
ege
December 10, 2020, 3:58pm
7
Sure @aaron-nimocks . It'll be really helpful if you could find a solution. Meanwhile, I'll show what I wanted to achieve.
What I did to get this result was by using a top_hits metric aggregator on the index. Here's the data I used.
1,start
And here's the Elasticsearch API request I used for achieving the response I mentioned earlier.
GET /demo*/_search
{
"aggs": {
"terms": {
"terms": {
"field": "ID.keyword",
"size": 10
},
"aggs": {
"top_status_hits": {
"top_hits": {
"sort": [
{
"Status.keyword": {
"order": "asc"
}
}
],
"_source": {
"includes": [
"ID",
"Status"
]
},
"size": 1
}
}
}
}
}
}
I wanted to get the last status for each ID from the index.
Try
"format": {"property": "aggregations.terms.buckets[0].top_status_hits.hits.hits"}
and for displaying in marks use
"text": {"field": "_source.Status"},
2 Likes
ege
December 10, 2020, 4:16pm
9
1 Like
Awesome!
At first I was trying to dynamically parse the buckets array. After thinking about it there should only always be just 1 with that query.
Adding the [0] in aggregations.terms.buckets[0].top_status_hits.hits.hits just means use the first result and only first result. So really you just walk down the JSON path in order to get to the data you want and end at an array which is the 2nd hits.
Just adding more detail in case someone else runs across this and needs it.
1 Like
system
January 7, 2021, 4:20pm
11
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
