@jayswan
Created July 10, 2016 16:01
Elasticsearch scripted aggregation with joined fields

This script allows you to do SQL GROUP BY-like aggregations on multiple fields in an Elasticsearch index.

Performance will likely be poor on large data sets.

Saved Groovy script in <elasticsearch_dir>/config/scripts/join-param-list.groovy:

return fields.collect { doc[it].value }.join(delimiter);

A representative query that does a "GROUP BY" to count identical first-name / last-name / employer combinations:

{
    "query": {
        "term":{"_type":"account"}
    },
    "size":1,
    "aggs": {
        "agg1": {
            "terms": {
                "script": {
                    "file": "join-param-list",
                    "lang": "groovy",
                    "params": {"fields":["firstname","lastname","employer"], "delimiter":"|" }
                }
            }
        }
    }
}

Sample agg output:

"aggregations": {
    "agg1": {
      "doc_count_error_upper_bound": 5,
      "sum_other_doc_count": 990,
      "buckets": [
        {
          "key": "abbott|smith|acme",
          "doc_count": 1
        },
etc
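
The joined key is only unambiguous when no field value contains the delimiter. The following added example (not part of the original gist) emulates the script and the terms aggregation in Python over constructed documents, then splits bucket keys back into columns and sets aside keys whose part count does not match the field list. The function names and sample documents are assumptions made for illustration.

```python
from collections import Counter

FIELDS = ["firstname", "lastname", "employer"]  # same params as the query above
DELIMITER = "|"

def join_key(doc, fields=FIELDS, delimiter=DELIMITER):
    """Python equivalent of the Groovy one-liner: join the field values."""
    return delimiter.join(str(doc[f]) for f in fields)

def group_by(docs, fields=FIELDS, delimiter=DELIMITER):
    """Emulate the terms aggregation: count documents per joined key."""
    return Counter(join_key(d, fields, delimiter) for d in docs)

def to_buckets(counts):
    """Shape the counts like the 'buckets' array in the agg output."""
    return [{"key": k, "doc_count": n} for k, n in counts.most_common()]

def rows_from_buckets(buckets, fields=FIELDS, delimiter=DELIMITER):
    """Split bucket keys back into columns.

    Returns (rows, ambiguous). A key with more parts than fields means a
    value contained the delimiter, so the bucket may merge distinct groups
    and cannot be split reliably; it is returned in 'ambiguous' instead.
    """
    rows, ambiguous = [], []
    for bucket in buckets:
        parts = bucket["key"].split(delimiter)
        if len(parts) != len(fields):
            ambiguous.append(bucket)
            continue
        row = dict(zip(fields, parts))
        row["doc_count"] = bucket["doc_count"]
        rows.append(row)
    return rows, ambiguous

# Constructed sample documents. The last two are different people whose
# values contain "|", so they collapse into the same joined key.
SAMPLE_DOCS = [
    {"firstname": "abbott", "lastname": "smith", "employer": "acme"},
    {"firstname": "abbott", "lastname": "smith", "employer": "acme"},
    {"firstname": "ann", "lastname": "lee|kim", "employer": "acme"},
    {"firstname": "ann|lee", "lastname": "kim", "employer": "acme"},
]

if __name__ == "__main__":
    rows, ambiguous = rows_from_buckets(to_buckets(group_by(SAMPLE_DOCS)))
    print("rows:", rows)
    print("ambiguous:", ambiguous)
```

Choosing a delimiter that cannot occur in the indexed values avoids the merged bucket.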