WARNING: Version 2.4 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Sampler Aggregation
editSampler Aggregation
editThis functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A filtering aggregation used to limit any sub aggregations' processing to a sample of the top-scoring documents. Optionally, diversity settings can be used to limit the number of matches that share a common value such as an "author".
Example use cases:
- Tightening the focus of analytics to high-relevance matches rather than the potentially very long tail of low-quality matches
- Removing bias from analytics by ensuring fair representation of content from different sources
-
Reducing the running cost of aggregations that can produce useful results using only samples e.g.
significant_terms
Example:
{ "query": { "match": { "text": "iphone" } }, "aggs": { "sample": { "sampler": { "shard_size": 200, "field" : "user.id" }, "aggs": { "keywords": { "significant_terms": { "field": "text" } } } } } }
Response:
{ ... "aggregations": { "sample": { "doc_count": 1000, "keywords": { "doc_count": 1000, "buckets": [ ... { "key": "bend", "doc_count": 58, "score": 37.982536582524276, "bg_count": 103 }, .... }
1000 documents were sampled in total becase we asked for a maximum of 200 from an index with 5 shards. The cost of performing the nested significant_terms aggregation was therefore limited rather than unbounded. |
|
The results of the significant_terms aggregation are not skewed by any single over-active Twitter user because we asked for a maximum of one tweet from any one user in our sample. |
shard_size
editThe shard_size
parameter limits how many top-scoring documents are collected in the sample processed on each shard.
The default value is 100.
Controlling diversity
editOptionally, you can use the field
or script
and max_docs_per_value
settings to control the maximum number of documents collected on any one shard which share a common value.
The choice of value (e.g. author
) is loaded from a regular field
or derived dynamically by a script
.
The aggregation will throw an error if the choice of field or script produces multiple values for a document. It is currently not possible to offer this form of de-duplication using many values, primarily due to concerns over efficiency.
Any good market researcher will tell you that when working with samples of data it is important that the sample represents a healthy variety of opinions rather than being skewed by any single voice. The same is true with aggregations and sampling with these diversify settings can offer a way to remove the bias in your content (an over-populated geography, a large spike in a timeline or an over-active forum spammer).
Field
editControlling diversity using a field:
{ "aggs" : { "sample" : { "sampler" : { "field" : "author", "max_docs_per_value" : 3 } } } }
Note that the max_docs_per_value
setting applies on a per-shard basis only for the purposes of shard-local sampling.
It is not intended as a way of providing a global de-duplication feature on search results.
Script
editControlling diversity using a script:
{ "aggs" : { "sample" : { "sampler" : { "script" : "doc['author'].value + '/' + doc['genre'].value" } } } }
Note in the above example we chose to use the default max_docs_per_value
setting of 1 and combine author and genre fields to ensure
each shard sample has, at most, one match for an author/genre pair.
execution_hint
editWhen using the settings to control diversity, the optional execution_hint
setting can influence the management of the values used for de-duplication.
Each option will hold up to shard_size
values in memory while performing de-duplication but the type of value held can be controlled as follows:
-
hold field values directly (
map
) -
hold ordinals of the field as determined by the Lucene index (
global_ordinals
) -
hold hashes of the field values - with potential for hash collisions (
bytes_hash
)
The default setting is to use global_ordinals
if this information is available from the Lucene index and reverting to map
if not.
The bytes_hash
setting may prove faster in some cases but introduces the possibility of false positives in de-duplication logic due to the possibility of hash collisions.
Please note that Elasticsearch will ignore the choice of execution hint if it is not applicable and that there is no backward compatibility guarantee on these hints.
Limitations
editCannot be nested under breadth_first
aggregations
editBeing a quality-based filter the sampler aggregation needs access to the relevance score produced for each document.
It therefore cannot be nested under a terms
aggregation which has the collect_mode
switched from the default depth_first
mode to breadth_first
as this discards scores.
In this situation an error will be thrown.
Limited de-dup logic.
editThe de-duplication logic in the diversify settings applies only at a shard level so will not apply across shards.
No specialized syntax for geo/date fields
editCurrently the syntax for defining the diversifying values is defined by a choice of field
or script
- there is no added syntactical sugar for expressing geo or date units such as "1w" (1 week).
This support may be added in a later release and users will currently have to create these sorts of values using a script.