WARNING: Version 1.7 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Filters Aggregation
Defines a multi-bucket aggregation where each bucket is associated with a filter. Each bucket will collect all documents that match its associated filter.
Example:
{
    "aggs" : {
        "messages" : {
            "filters" : {
                "filters" : {
                    "errors" :   { "term" : { "body" : "error"   }},
                    "warnings" : { "term" : { "body" : "warning" }}
                }
            },
            "aggs" : {
                "monthly" : {
                    "histogram" : {
                        "field" : "timestamp",
                        "interval" : "1M"
                    }
                }
            }
        }
    }
}
In the above example, we analyze log messages. The aggregation builds two collections (buckets) of log messages: one for all those containing an error, and another for all those containing a warning. Each of these buckets is then broken down by month.
Response:
...
    "aggs" : {
        "messages" : {
            "buckets" : {
                "errors" : {
                    "doc_count" : 34,
                    "monthly" : {
                        "buckets" : [
                            ... // the histogram monthly breakdown
                        ]
                    }
                },
                "warnings" : {
                    "doc_count" : 439,
                    "monthly" : {
                        "buckets" : [
                            ... // the histogram monthly breakdown
                        ]
                    }
                }
            }
        }
    }
}
...
Anonymous filters
The filters field can also be provided as an array of filters, as in the following request:
{
    "aggs" : {
        "messages" : {
            "filters" : {
                "filters" : [
                    { "term" : { "body" : "error"   }},
                    { "term" : { "body" : "warning" }}
                ]
            },
            "aggs" : {
                "monthly" : {
                    "histogram" : {
                        "field" : "timestamp",
                        "interval" : "1M"
                    }
                }
            }
        }
    }
}
The filtered buckets are returned in the same order as provided in the request. The response for this example would be:
...
"aggs" : {
    "messages" : {
        "buckets" : [
            {
                "doc_count" : 34,
                "monthly" : {
                    "buckets" : [
                        ... // the histogram monthly breakdown
                    ]
                }
            },
            {
                "doc_count" : 439,
                "monthly" : {
                    "buckets" : [
                        ... // the histogram monthly breakdown
                    ]
                }
            }
        ]
    }
}
...
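The two response shapes above need different handling on the client: named buckets are looked up by key, while anonymous buckets can only be matched to their filters by position. The following Python sketch is an added example, not part of the Elasticsearch documentation; the function names and the generated labels are assumptions, and the sample data is constructed from the filters and counts shown on this page.

```python
import json

def label_for(filter_body):
    # Hypothetical label for an anonymous filter: its compact JSON form.
    return json.dumps(filter_body, sort_keys=True, separators=(",", ":"))

def bucket_counts(request_agg, response_agg):
    """Pair every requested filter with its doc_count, in request order."""
    filters = request_agg["filters"]["filters"]
    buckets = response_agg["buckets"]
    if isinstance(filters, dict):
        # Named filters: the response is an object keyed by filter name.
        if not isinstance(buckets, dict) or set(buckets) != set(filters):
            raise ValueError("named buckets do not match the requested filters")
        return [(name, buckets[name]["doc_count"]) for name in filters]
    # Anonymous filters: the response is an array in request order,
    # so position is the only link between a filter and its bucket.
    if not isinstance(buckets, list) or len(buckets) != len(filters):
        raise ValueError("anonymous buckets do not line up with the request")
    return [(label_for(f), b["doc_count"]) for f, b in zip(filters, buckets)]

# Constructed sample data, using the filters and counts shown on this page.
ERROR = {"term": {"body": "error"}}
WARNING = {"term": {"body": "warning"}}
NAMED_REQUEST = {"filters": {"filters": {"errors": ERROR, "warnings": WARNING}}}
NAMED_RESPONSE = {"buckets": {"errors": {"doc_count": 34},
                              "warnings": {"doc_count": 439}}}
ANON_REQUEST = {"filters": {"filters": [ERROR, WARNING]}}
ANON_RESPONSE = {"buckets": [{"doc_count": 34}, {"doc_count": 439}]}

if __name__ == "__main__":
    print(bucket_counts(NAMED_REQUEST, NAMED_RESPONSE))
    print(bucket_counts(ANON_REQUEST, ANON_RESPONSE))
```

Rejecting a response whose bucket count differs from the request keeps a truncated or mismatched reply from silently attributing the warning count to the error filter.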