Get result from aggs in script ElasticSearch/Painless
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I'm new in ElasticSearch world. I've been trying write simple request and I need to get aggs result in my script to make simple condition. Is it possible to do it in this way?
The condition below is only for example.
GET _search
{
"aggs" : {
"sum_field" : { "sum" : { "field" : "someField" } }
},
"script_fields": {
"script_name": {
"script": {
"lang": "painless",
"source": """
// get there aggs result (sum_field)
if(sum_field > 5){
return sum_field
}
"""
}
}
}
}
elasticsearch kibana 
elasticsearch-painless asked Nov 23 '18 at 14:26
XtrEmEXtrEmE
84
add a comment |
I'm new in ElasticSearch world. I've been trying write simple request and I need to get aggs result in my script to make simple condition. Is it possible to do it in this way?
The condition below is only for example.
GET _search
{
"aggs" : {
"sum_field" : { "sum" : { "field" : "someField" } }
},
"script_fields": {
"script_name": {
"script": {
"lang": "painless",
"source": """
// get there aggs result (sum_field)
if(sum_field > 5){
return sum_field
}
"""
}
}
}
}
asked Nov 23 '18 at 14:26
XtrEmEXtrEmE
84
add a comment |
I'm new in ElasticSearch world. I've been trying write simple request and I need to get aggs result in my script to make simple condition. Is it possible to do it in this way?
The condition below is only for example.
GET _search
{
"aggs" : {
"sum_field" : { "sum" : { "field" : "someField" } }
},
"script_fields": {
"script_name": {
"script": {
"lang": "painless",
"source": """
// get there aggs result (sum_field)
if(sum_field > 5){
return sum_field
}
"""
}
}
}
}
asked Nov 23 '18 at 14:26
XtrEmEXtrEmE
84
I'm new in ElasticSearch world. I've been trying write simple request and I need to get aggs result in my script to make simple condition. Is it possible to do it in this way?
The condition below is only for example.
GET _search
{
"aggs" : {
"sum_field" : { "sum" : { "field" : "someField" } }
},
"script_fields": {
"script_name": {
"script": {
"lang": "painless",
"source": """
// get there aggs result (sum_field)
if(sum_field > 5){
return sum_field
}
"""
}
}
}
}
asked Nov 23 '18 at 14:26
XtrEmEXtrEmE
84
asked Nov 23 '18 at 14:26
XtrEmEXtrEmE
84
asked Nov 23 '18 at 14:26
XtrEmEXtrEmE
84
asked Nov 23 '18 at 14:26
XtrEmEXtrEmE
84
asked Nov 23 '18 at 14:26
XtrEmEXtrEmE
84
84
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The requirement is to execute sum aggregation over multiple indexes having the same field name
Now with multiple indexes, you'll have to check if that particular field exists in that indexes or not AND if the field is of the same datatype.
Indexes
I've created three indexes, having a single field called num.
index_1
- num: long
index_2
- num: long
index_3
- num: text
: fielddata: true
Also notice how if the field is of type text, then I've set its property fielddata:true. But if you do not set it, then the below query would give you aggregation result as well as an error saying you cannot retrieve the value of type text as its an analyzed string and you can only use doc for fields which are non_analyzed.
Sample Query:
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Query if you cannot set fielddata:true
In that case, you need to explicitly mention the indexes on which you'd want to aggregate.
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
},
{
"terms":{
"_index":[
"index_1",
"index_2"
]
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Hope this helps!
answered Nov 23 '18 at 20:06
KamalKamal
2,53711022
Your suggest didn't solve my problem at all. But maybe you could give me advice how to use script for whole hits list? Cuz when I have something like in below code it executes only for current index, not for whole list. I would like to use this script to sum some field (I know it's possible by "aggs sum" as u wrote above).GET _search { "query": { "match_all": {} }, "script_fields": { "source": { "script": { "lang": "painless", "source": """ return params._source """ } } } }
– XtrEmE
Nov 28 '18 at 13:35
hey @XtrEmE if I understand it correctly, what you want is, say you have a fieldsomeFieldwhich is present in multiple indexes, what you want is a script that can performsumon its values over all indices? It'd be great if you can just update the question with a sample output and I will get back to you as soon as I can.
– Kamal
Nov 28 '18 at 14:32
I want to write a script which will execute not only for current index but for whole array. Typically it could be like below, but this code is nested for index. I need to have access one step higher."source": """ int sum = 0; for(int i = 0; i < hits.lenght; i++){ sum += hits[i].fieldValue; } return sum; """
– XtrEmE
Nov 28 '18 at 14:47
Is it more clear @Kamal ?
– XtrEmE
Nov 29 '18 at 10:03
hey @XtrEmE, yes I've got it. You'd want to do aggregation on a particular field if it is present in all the indexes. Not sure if Elastic supports aggregation results on index levels but let me try and update you on it.
– Kamal
Nov 29 '18 at 10:08
|
show 1 more comment
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448477%2fget-result-from-aggs-in-script-elasticsearch-painless%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The requirement is to execute sum aggregation over multiple indexes having the same field name
Now with multiple indexes, you'll have to check if that particular field exists in that indexes or not AND if the field is of the same datatype.
Indexes
I've created three indexes, having a single field called num.
index_1
- num: long
index_2
- num: long
index_3
- num: text
: fielddata: true
Also notice how if the field is of type text, then I've set its property fielddata:true. But if you do not set it, then the below query would give you aggregation result as well as an error saying you cannot retrieve the value of type text as its an analyzed string and you can only use doc for fields which are non_analyzed.
Sample Query:
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Query if you cannot set fielddata:true
In that case, you need to explicitly mention the indexes on which you'd want to aggregate.
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
},
{
"terms":{
"_index":[
"index_1",
"index_2"
]
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Hope this helps!
answered Nov 23 '18 at 20:06
KamalKamal
2,53711022
Your suggest didn't solve my problem at all. But maybe you could give me advice how to use script for whole hits list? Cuz when I have something like in below code it executes only for current index, not for whole list. I would like to use this script to sum some field (I know it's possible by "aggs sum" as u wrote above).GET _search { "query": { "match_all": {} }, "script_fields": { "source": { "script": { "lang": "painless", "source": """ return params._source """ } } } }
– XtrEmE
Nov 28 '18 at 13:35
hey @XtrEmE if I understand it correctly, what you want is, say you have a fieldsomeFieldwhich is present in multiple indexes, what you want is a script that can performsumon its values over all indices? It'd be great if you can just update the question with a sample output and I will get back to you as soon as I can.
– Kamal
Nov 28 '18 at 14:32
I want to write a script which will execute not only for current index but for whole array. Typically it could be like below, but this code is nested for index. I need to have access one step higher."source": """ int sum = 0; for(int i = 0; i < hits.lenght; i++){ sum += hits[i].fieldValue; } return sum; """
– XtrEmE
Nov 28 '18 at 14:47
Is it more clear @Kamal ?
– XtrEmE
Nov 29 '18 at 10:03
hey @XtrEmE, yes I've got it. You'd want to do aggregation on a particular field if it is present in all the indexes. Not sure if Elastic supports aggregation results on index levels but let me try and update you on it.
– Kamal
Nov 29 '18 at 10:08
|
show 1 more comment
The requirement is to execute sum aggregation over multiple indexes having the same field name
Now with multiple indexes, you'll have to check if that particular field exists in that indexes or not AND if the field is of the same datatype.
Indexes
I've created three indexes, having a single field called num.
index_1
- num: long
index_2
- num: long
index_3
- num: text
: fielddata: true
Also notice how if the field is of type text, then I've set its property fielddata:true. But if you do not set it, then the below query would give you aggregation result as well as an error saying you cannot retrieve the value of type text as its an analyzed string and you can only use doc for fields which are non_analyzed.
Sample Query:
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Query if you cannot set fielddata:true
In that case, you need to explicitly mention the indexes on which you'd want to aggregate.
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
},
{
"terms":{
"_index":[
"index_1",
"index_2"
]
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Hope this helps!
answered Nov 23 '18 at 20:06
KamalKamal
2,53711022
Your suggest didn't solve my problem at all. But maybe you could give me advice how to use script for whole hits list? Cuz when I have something like in below code it executes only for current index, not for whole list. I would like to use this script to sum some field (I know it's possible by "aggs sum" as u wrote above).GET _search { "query": { "match_all": {} }, "script_fields": { "source": { "script": { "lang": "painless", "source": """ return params._source """ } } } }
– XtrEmE
Nov 28 '18 at 13:35
hey @XtrEmE if I understand it correctly, what you want is, say you have a fieldsomeFieldwhich is present in multiple indexes, what you want is a script that can performsumon its values over all indices? It'd be great if you can just update the question with a sample output and I will get back to you as soon as I can.
– Kamal
Nov 28 '18 at 14:32
I want to write a script which will execute not only for current index but for whole array. Typically it could be like below, but this code is nested for index. I need to have access one step higher."source": """ int sum = 0; for(int i = 0; i < hits.lenght; i++){ sum += hits[i].fieldValue; } return sum; """
– XtrEmE
Nov 28 '18 at 14:47
Is it more clear @Kamal ?
– XtrEmE
Nov 29 '18 at 10:03
hey @XtrEmE, yes I've got it. You'd want to do aggregation on a particular field if it is present in all the indexes. Not sure if Elastic supports aggregation results on index levels but let me try and update you on it.
– Kamal
Nov 29 '18 at 10:08
|
show 1 more comment
The requirement is to execute sum aggregation over multiple indexes having the same field name
Now with multiple indexes, you'll have to check if that particular field exists in that indexes or not AND if the field is of the same datatype.
Indexes
I've created three indexes, having a single field called num.
index_1
- num: long
index_2
- num: long
index_3
- num: text
: fielddata: true
Also notice how if the field is of type text, then I've set its property fielddata:true. But if you do not set it, then the below query would give you aggregation result as well as an error saying you cannot retrieve the value of type text as its an analyzed string and you can only use doc for fields which are non_analyzed.
Sample Query:
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Query if you cannot set fielddata:true
In that case, you need to explicitly mention the indexes on which you'd want to aggregate.
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
},
{
"terms":{
"_index":[
"index_1",
"index_2"
]
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Hope this helps!
answered Nov 23 '18 at 20:06
KamalKamal
2,53711022
The requirement is to execute sum aggregation over multiple indexes having the same field name
Now with multiple indexes, you'll have to check if that particular field exists in that indexes or not AND if the field is of the same datatype.
Indexes
I've created three indexes, having a single field called num.
index_1
- num: long
index_2
- num: long
index_3
- num: text
: fielddata: true
Also notice how if the field is of type text, then I've set its property fielddata:true. But if you do not set it, then the below query would give you aggregation result as well as an error saying you cannot retrieve the value of type text as its an analyzed string and you can only use doc for fields which are non_analyzed.
Sample Query:
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Query if you cannot set fielddata:true
In that case, you need to explicitly mention the indexes on which you'd want to aggregate.
POST /_search
{
"size":0,
"query":{
"bool":{
"filter":[
{
"exists":{
"field":"num"
}
},
{
"terms":{
"_index":[
"index_1",
"index_2"
]
}
}
]
}
},
"aggs":{
"myaggs":{
"sum":{
"script":{
"source":"if(doc['num'].value instanceof long) return doc['num'].value;"
}
}
}
}
}
Hope this helps!
answered Nov 23 '18 at 20:06
KamalKamal
2,53711022
edited Nov 29 '18 at 16:27
answered Nov 23 '18 at 20:06
KamalKamal
2,53711022
answered Nov 23 '18 at 20:06
KamalKamal
2,53711022
answered Nov 23 '18 at 20:06
KamalKamal
2,53711022
2,53711022
Your suggest didn't solve my problem at all. But maybe you could give me advice how to use script for whole hits list? Cuz when I have something like in below code it executes only for current index, not for whole list. I would like to use this script to sum some field (I know it's possible by "aggs sum" as u wrote above).GET _search { "query": { "match_all": {} }, "script_fields": { "source": { "script": { "lang": "painless", "source": """ return params._source """ } } } }
– XtrEmE
Nov 28 '18 at 13:35
hey @XtrEmE if I understand it correctly, what you want is, say you have a fieldsomeFieldwhich is present in multiple indexes, what you want is a script that can performsumon its values over all indices? It'd be great if you can just update the question with a sample output and I will get back to you as soon as I can.
– Kamal
Nov 28 '18 at 14:32
I want to write a script which will execute not only for current index but for whole array. Typically it could be like below, but this code is nested for index. I need to have access one step higher."source": """ int sum = 0; for(int i = 0; i < hits.lenght; i++){ sum += hits[i].fieldValue; } return sum; """
– XtrEmE
Nov 28 '18 at 14:47
Is it more clear @Kamal ?
– XtrEmE
Nov 29 '18 at 10:03
hey @XtrEmE, yes I've got it. You'd want to do aggregation on a particular field if it is present in all the indexes. Not sure if Elastic supports aggregation results on index levels but let me try and update you on it.
– Kamal
Nov 29 '18 at 10:08
|
show 1 more comment
Your suggest didn't solve my problem at all. But maybe you could give me advice how to use script for whole hits list? Cuz when I have something like in below code it executes only for current index, not for whole list. I would like to use this script to sum some field (I know it's possible by "aggs sum" as u wrote above).GET _search { "query": { "match_all": {} }, "script_fields": { "source": { "script": { "lang": "painless", "source": """ return params._source """ } } } }
– XtrEmE
Nov 28 '18 at 13:35
hey @XtrEmE if I understand it correctly, what you want is, say you have a fieldsomeFieldwhich is present in multiple indexes, what you want is a script that can performsumon its values over all indices? It'd be great if you can just update the question with a sample output and I will get back to you as soon as I can.
– Kamal
Nov 28 '18 at 14:32
I want to write a script which will execute not only for current index but for whole array. Typically it could be like below, but this code is nested for index. I need to have access one step higher."source": """ int sum = 0; for(int i = 0; i < hits.lenght; i++){ sum += hits[i].fieldValue; } return sum; """
– XtrEmE
Nov 28 '18 at 14:47
Is it more clear @Kamal ?
– XtrEmE
Nov 29 '18 at 10:03
hey @XtrEmE, yes I've got it. You'd want to do aggregation on a particular field if it is present in all the indexes. Not sure if Elastic supports aggregation results on index levels but let me try and update you on it.
– Kamal
Nov 29 '18 at 10:08
Your suggest didn't solve my problem at all. But maybe you could give me advice how to use script for whole hits list? Cuz when I have something like in below code it executes only for current index, not for whole list. I would like to use this script to sum some field (I know it's possible by "aggs sum" as u wrote above).
GET _search { "query": { "match_all": {} }, "script_fields": { "source": { "script": { "lang": "painless", "source": """ return params._source """ } } } }– XtrEmE
Nov 28 '18 at 13:35
Your suggest didn't solve my problem at all. But maybe you could give me advice how to use script for whole hits list? Cuz when I have something like in below code it executes only for current index, not for whole list. I would like to use this script to sum some field (I know it's possible by "aggs sum" as u wrote above).
GET _search { "query": { "match_all": {} }, "script_fields": { "source": { "script": { "lang": "painless", "source": """ return params._source """ } } } }– XtrEmE
Nov 28 '18 at 13:35
hey @XtrEmE if I understand it correctly, what you want is, say you have a field
someField which is present in multiple indexes, what you want is a script that can perform sum on its values over all indices? It'd be great if you can just update the question with a sample output and I will get back to you as soon as I can.– Kamal
Nov 28 '18 at 14:32
hey @XtrEmE if I understand it correctly, what you want is, say you have a field
someField which is present in multiple indexes, what you want is a script that can perform sum on its values over all indices? It'd be great if you can just update the question with a sample output and I will get back to you as soon as I can.– Kamal
Nov 28 '18 at 14:32
I want to write a script which will execute not only for current index but for whole array. Typically it could be like below, but this code is nested for index. I need to have access one step higher.
"source": """ int sum = 0; for(int i = 0; i < hits.lenght; i++){ sum += hits[i].fieldValue; } return sum; """– XtrEmE
Nov 28 '18 at 14:47
I want to write a script which will execute not only for current index but for whole array. Typically it could be like below, but this code is nested for index. I need to have access one step higher.
"source": """ int sum = 0; for(int i = 0; i < hits.lenght; i++){ sum += hits[i].fieldValue; } return sum; """– XtrEmE
Nov 28 '18 at 14:47
Is it more clear @Kamal ?
– XtrEmE
Nov 29 '18 at 10:03
Is it more clear @Kamal ?
– XtrEmE
Nov 29 '18 at 10:03
hey @XtrEmE, yes I've got it. You'd want to do aggregation on a particular field if it is present in all the indexes. Not sure if Elastic supports aggregation results on index levels but let me try and update you on it.
– Kamal
Nov 29 '18 at 10:08
hey @XtrEmE, yes I've got it. You'd want to do aggregation on a particular field if it is present in all the indexes. Not sure if Elastic supports aggregation results on index levels but let me try and update you on it.
– Kamal
Nov 29 '18 at 10:08
|
show 1 more comment
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448477%2fget-result-from-aggs-in-script-elasticsearch-painless%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
