The following code block in regular expression syntax demonstrates the basic structure of the aggregation query syntax:

"aggs":{
    "name_1": {
        "type": { body }
            [,"aggs" : {[sub aggregation]+}]?
    }
    [,"name_2":{...}]*
}

We can have multiple aggregations in one shot. In addition, if we have to use complex aggregation logic to solve a problem, we may use sub-aggregations. The aggs keyword is the short form of the aggregations keyword. The name_1 word is the name of the aggregation. Elasticsearch supports more than one aggregation on the same level, such as name_2. The type word is used to define the type of the aggregation such as terms, stats, and range. The body word specifies the criteria of the aggregation.

One of the powerful features of aggregations is the ability to embed aggregations. The inner aggs keyword tells Elasticsearch to begin a new aggregation known as a sub-aggregation. The syntax of the parent aggregation and the sub-aggregation are the same. Sub-aggregation operates in the context of the individual buckets from the previous level's aggregations. The sub-aggregation allows us to continuously refine the aggregates to any number of levels. We'll learn about matrix aggregation, which provides intermediate data statistics, in the next section.