Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the ability to sort aggregations by allowing arithmetic operations between sub aggregations #8281

Closed
nitzanharel opened this issue Oct 30, 2014 · 3 comments
Closed

Add the ability to sort aggregations by allowing arithmetic operations between sub aggregations #8281

nitzanharel opened this issue Oct 30, 2014 · 3 comments
Assignees
@colings86
Labels
:Analytics/Aggregations Aggregations stalled

Comments

@nitzanharel
Copy link

I want to get the top X event senders for a time range but sorted not by doc count but rather by percentage increase/decrease to a different time range.
I know I can do this:

  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "sentTimestamp": {
              "gte": "2014-10-07T00:01:00.0Z",
              "lt": "2014-10-07T00:01:50.0Z"
            }
          }
        }
      ]
    }
  },
  "size": 0,
  "aggs": {
    "topSenders": {
      "terms": {
        "field": "sender",
        "size": 5,
        "order": {
          "t2>tu.value": "desc"
        }
      },
      "aggs": {
        "t1": {
          "filter": {
            "range": {
              "sentTimestamp": {
                "gte": "2014-10-07T00:01:00.0Z",
                "lt": "2014-10-07T00:01:40.0Z"
              }
            }
          },
          "aggs": {
            "tu": {
              "cardinality": {
                "field": "sender"
              }
            }
          }
        },
        "t2": {
          "filter": {
            "range": {
              "sentTimestamp": {
                "gte": "2014-10-07T00:01:40.0Z",
                "lt": "2014-10-07T00:01:50.0Z"
              }
            }
          },
          "aggs": {
            "tu": {
              "cardinality": {
                "field": "sender"
              }
            }
          }
        }
      }
    }
  }
}

You can see I am sorting by "t2>tu.value". If I was able to sort by something like "(t2>tu.value-t2>tu.value)/t1>tu.value" I would be able to get that all in one query
@clintongormley
Copy link

This looks like a job for reducers, see #8110.

@colings86 a sorting reducer would be a nice addition.

@clintongormley
Copy link

Actually, @colings86 has pointed out that this would be possible with a scripted sort provided by #6917

@clintongormley
Copy link

I'm going to close this in favour of #6917

@colings86 colings86 added the :Analytics/Aggregations Aggregations label Mar 31, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@colings86 colings86

Labels
:Analytics/Aggregations Aggregations stalled
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@clintongormley @colings86 @nitzanharel