This kind of aggregation allows for executing analytics, based on parent documents, on child documents. When working with complex structures, the nested objects are very common.
You need an up-and-running Elasticsearch installation, as we described in the Downloading and installing Elasticsearch recipe in Chapter 2, Downloading and Setup.
To execute curl via the command line, you need to install curl for your operative system.
To correctly execute the following command, you need an index populated with the chapter_08/populate_aggregations.sh script available in the online code.
For executing children aggregations, we will perform the following steps:
- We must index documents with child/parent relations, as discussed in the Managing a child document recipe in Chapter 3, Managing Mappings. For the following example, we will use the same dataset of the child query.
- We want execute a terms aggregation on the
uuidof the parent and for everyuUidcollecting the terms of the children value, we create a children aggregation with a code similar to following one:curl -XPOST "http://127.0.0.1:9200/myindex/test-type/_search? size=0&pretty" -d '{ "aggs": { "uuid": { "terms": { "field": "uuid", "size": 10 }, "aggs": { "to-children": { "children": { "type": "test-type2" }, "aggs": { "top-values": { "terms": { "field": "value.keyword", "size": 10 } } } } } } } }' - The result returned by Elasticsearch, if everything is okay, should be as follows:
{ "took" : 7, "timed_out" : false, "_shards" : {...truncated...}, "hits" : {...truncated...}, "aggregations" : { "uuid" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "11111", "doc_count" : 1, "to-children" : { "doc_count" : 1, "top-values" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "value1", "doc_count" : 1 } ] } } }, {...truncated...}, { "key" : "33333", "doc_count" : 1, "to-children" : { "doc_count" : 0, "top-values" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ ] } } } ] } } }
The children aggregation works by following these steps:
- All the parent IDs are collected by the matched query or by previous bucket aggregations.
- The parent IDs are used to filter the children and the matching document results are used to compute the children aggregation.
This type of aggregation, similar to the nested one, allows us to aggregate on different documents on searched ones.
Because children documents are stored in the same shard of the parents, they are very fast.