Watcher - how to write painless script for looping aggregated buckets


(Surya Dadi Dhamarakeswara) #1

Hi,
I wrote a watcher to query some logs and aggregate them using a terms aggregation, and under the terms aggregation I wrote a sub-aggregation as follows:

"aggs": {
  "host_wise": {
    "terms": {
      "field": "abc.keyword",
      "size": 3
    },
    "aggs": {
      "max_latency": {
        "max": {
          "field": "cde"
        }
      }
    }
  },
  "all": {
    "filter": {
      "query_string": {
        "query": "*",
        "analyze_wildcard": true
      }
    }
  }
}

So I am getting buckets like:

"buckets": [
  {
    "doc_count": 405,
    "max_latency": {
      "value": 30351
    },
    "key": "work1"
  },
  {
    "doc_count": 340,
    "max_latency": {
      "value": 15935
    },
    "key": "work2"
  }
]

How can I loop over these buckets and create dynamic keys like max_latency1 and max_latency2 for both bucket values?


(Alexander Reelsen) #2

I am not sure I follow your use-case here. Do you want to find out the max latency or something else? Just looping through the result and collecting only the value fields would be something like:

ctx.payload.aggregations.host_wise.buckets.stream().map(b -> b.max_latency.value).collect(Collectors.toList());

Hope this helps, otherwise can you please expand your use-case?

--Alex


(Surya Dadi Dhamarakeswara) #3

What will the above code give us? I mean, what type of output will it return?
What I need to do is get all the 'key' values when the max_latency value is greater than 10000.
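
An added example, not part of any post in this thread: a Painless script for a watch-level `script` transform that loops over the `host_wise` buckets shown in post #1, builds the numbered `max_latency1`, `max_latency2` keys asked about there, and collects the `key` of every bucket whose maximum exceeds the 10000 threshold from post #3. The output field name `slow_keys` and the variable names are assumptions.

```painless
// Added example (not from the thread): source of a watch-level script transform.
// Threshold taken from post #3; the output field name 'slow_keys' is an assumption.
def threshold = 10000;
def buckets = ctx.payload.aggregations.host_wise.buckets;

Map result = new HashMap();
List slowKeys = new ArrayList();

int i = 1;
for (def b : buckets) {
  def v = b.max_latency.value;

  // A max aggregation reports a null value when no document in the
  // bucket carries the field, so skip it instead of comparing null.
  if (v == null) {
    i++;
    continue;
  }

  // Dynamic key per bucket position: max_latency1, max_latency2, ...
  result.put('max_latency' + i, v);

  // Collect the terms key of every bucket above the threshold.
  if (v > threshold) {
    slowKeys.add(b.key);
  }
  i++;
}

result.put('slow_keys', slowKeys);

// The returned map replaces ctx.payload for the watch's actions.
return result;
```

Because a watch-level transform runs after the watch condition, the condition itself still has to test the original `ctx.payload.aggregations` structure.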

