- Elasticsearch Guide: other versions:
- Getting Started
- Setup
- Breaking changes
- Breaking changes in 2.3
- Breaking changes in 2.2
- Breaking changes in 2.1
- Breaking changes in 2.0
- Removed features
- Network changes
- Multiple
path.data
striping - Mapping changes
- CRUD and routing changes
- Query DSL changes
- Search changes
- Aggregation changes
- Parent/Child changes
- Scripting changes
- Index API changes
- Snapshot and Restore changes
- Plugin and packaging changes
- Setting changes
- Stats, info, and
cat
changes - Java API changes
- API Conventions
- Document APIs
- Search APIs
- Aggregations
- Metrics Aggregations
- Avg Aggregation
- Cardinality Aggregation
- Extended Stats Aggregation
- Geo Bounds Aggregation
- Geo Centroid Aggregation
- Max Aggregation
- Min Aggregation
- Percentiles Aggregation
- Percentile Ranks Aggregation
- Scripted Metric Aggregation
- Stats Aggregation
- Sum Aggregation
- Top hits Aggregation
- Value Count Aggregation
- Bucket Aggregations
- Children Aggregation
- Date Histogram Aggregation
- Date Range Aggregation
- Filter Aggregation
- Filters Aggregation
- Geo Distance Aggregation
- GeoHash grid Aggregation
- Global Aggregation
- Histogram Aggregation
- IPv4 Range Aggregation
- Missing Aggregation
- Nested Aggregation
- Range Aggregation
- Reverse nested Aggregation
- Sampler Aggregation
- Significant Terms Aggregation
- Terms Aggregation
- Pipeline Aggregations
- Avg Bucket Aggregation
- Derivative Aggregation
- Max Bucket Aggregation
- Min Bucket Aggregation
- Sum Bucket Aggregation
- Stats Bucket Aggregation
- Extended Stats Bucket Aggregation
- Percentiles Bucket Aggregation
- Moving Average Aggregation
- Cumulative Sum Aggregation
- Bucket Script Aggregation
- Bucket Selector Aggregation
- Serial Differencing Aggregation
- Caching heavy aggregations
- Returning only aggregation results
- Aggregation Metadata
- Metrics Aggregations
- Indices APIs
- Create Index
- Delete Index
- Get Index
- Indices Exists
- Open / Close Index API
- Put Mapping
- Get Mapping
- Get Field Mapping
- Types Exists
- Index Aliases
- Update Indices Settings
- Get Settings
- Analyze
- Index Templates
- Warmers
- Shadow replica indices
- Indices Stats
- Indices Segments
- Indices Recovery
- Indices Shard Stores
- Clear Cache
- Flush
- Refresh
- Force Merge
- Optimize
- Upgrade
- cat APIs
- Cluster APIs
- Query DSL
- Mapping
- Field datatypes
- Meta-Fields
- Mapping parameters
analyzer
boost
coerce
copy_to
doc_values
dynamic
enabled
fielddata
format
geohash
geohash_precision
geohash_prefix
ignore_above
ignore_malformed
include_in_all
index
index_options
lat_lon
fields
norms
null_value
position_increment_gap
precision_step
properties
search_analyzer
similarity
store
term_vector
- Dynamic Mapping
- Transform
- Analysis
- Analyzers
- Tokenizers
- Token Filters
- Standard Token Filter
- ASCII Folding Token Filter
- Length Token Filter
- Lowercase Token Filter
- Uppercase Token Filter
- NGram Token Filter
- Edge NGram Token Filter
- Porter Stem Token Filter
- Shingle Token Filter
- Stop Token Filter
- Word Delimiter Token Filter
- Stemmer Token Filter
- Stemmer Override Token Filter
- Keyword Marker Token Filter
- Keyword Repeat Token Filter
- KStem Token Filter
- Snowball Token Filter
- Phonetic Token Filter
- Synonym Token Filter
- Compound Word Token Filter
- Reverse Token Filter
- Elision Token Filter
- Truncate Token Filter
- Unique Token Filter
- Pattern Capture Token Filter
- Pattern Replace Token Filter
- Trim Token Filter
- Limit Token Count Token Filter
- Hunspell Token Filter
- Common Grams Token Filter
- Normalization Token Filter
- CJK Width Token Filter
- CJK Bigram Token Filter
- Delimited Payload Token Filter
- Keep Words Token Filter
- Keep Types Token Filter
- Classic Token Filter
- Apostrophe Token Filter
- Decimal Digit Token Filter
- Character Filters
- Modules
- Index Modules
- Testing
- Glossary of terms
- Release Notes
- 2.3.5 Release Notes
- 2.3.4 Release Notes
- 2.3.3 Release Notes
- 2.3.2 Release Notes
- 2.3.1 Release Notes
- 2.3.0 Release Notes
- 2.2.2 Release Notes
- 2.2.1 Release Notes
- 2.2.0 Release Notes
- 2.1.2 Release Notes
- 2.1.1 Release Notes
- 2.1.0 Release Notes
- 2.0.2 Release Notes
- 2.0.1 Release Notes
- 2.0.0 Release Notes
- 2.0.0-rc1 Release Notes
- 2.0.0-beta2 Release Notes
- 2.0.0-beta1 Release Notes
WARNING: Version 2.3 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Filters Aggregation
editFilters Aggregation
editDefines a multi bucket aggregation where each bucket is associated with a filter. Each bucket will collect all documents that match its associated filter.
Example:
{ "aggs" : { "messages" : { "filters" : { "filters" : { "errors" : { "term" : { "body" : "error" }}, "warnings" : { "term" : { "body" : "warning" }} } }, "aggs" : { "monthly" : { "histogram" : { "field" : "timestamp", "interval" : "1M" } } } } } }
In the above example, we analyze log messages. The aggregation will build two collection (buckets) of log messages - one for all those containing an error, and another for all those containing a warning. And for each of these buckets it will break them down by month.
Response:
... "aggs" : { "messages" : { "buckets" : { "errors" : { "doc_count" : 34, "monthly" : { "buckets" : [ ... // the histogram monthly breakdown ] } }, "warnings" : { "doc_count" : 439, "monthly" : { "buckets" : [ ... // the histogram monthly breakdown ] } } } } } ...
Anonymous filters
editThe filters field can also be provided as an array of filters, as in the following request:
{ "aggs" : { "messages" : { "filters" : { "filters" : [ { "term" : { "body" : "error" }}, { "term" : { "body" : "warning" }} ] }, "aggs" : { "monthly" : { "histogram" : { "field" : "timestamp", "interval" : "1M" } } } } } }
The filtered buckets are returned in the same order as provided in the request. The response for this example would be:
... "aggs" : { "messages" : { "buckets" : [ { "doc_count" : 34, "monthly" : { "buckets" : [ ... // the histogram monthly breakdown ] } }, { "doc_count" : 439, "monthly" : { "buckets" : [ ... // the histogram monthly breakdown ] } } ] } } ...
Other
Bucket
editThe other_bucket
parameter can be set to add a bucket to the response which will contain all documents that do
not match any of the given filters. The value of this parameter can be as follows:
-
false
-
Does not compute the
other
bucket -
true
-
Returns the
other
bucket bucket either in a bucket (named_other_
by default) if named filters are being used, or as the last bucket if anonymous filters are being used
The other_bucket_key
parameter can be used to set the key for the other
bucket to a value other than the default _other_
. Setting
this parameter will implicitly set the other_bucket
parameter to true
.
The following snippet shows a response where the other
bucket is requested to be named other_messages
.
{ "aggs" : { "messages" : { "filters" : { "other_bucket_key": "other_messages", "filters" : { "errors" : { "term" : { "body" : "error" }}, "warnings" : { "term" : { "body" : "warning" }} } }, "aggs" : { "monthly" : { "histogram" : { "field" : "timestamp", "interval" : "1M" } } } } } }
The response would be something like the following:
... "aggs" : { "messages" : { "buckets" : { "errors" : { "doc_count" : 34, "monthly" : { "buckets" : [ ... // the histogram monthly breakdown ] } }, "warnings" : { "doc_count" : 439, "monthly" : { "buckets" : [ ... // the histogram monthly breakdown ] } }, "other_messages" : { "doc_count" : 237, "monthly" : { "buckets" : [ ... // the histogram monthly breakdown ] } } } } } } ...
On this page