In contrast to searching, analytics deals with the bigger picture. Searching addresses the need for zooming in to a few records, whereas analytics address the need for zooming out and slicing the data in different ways.
While learning about searching, we used the following API:
POST /<index_name>/_search
{
"query":
{
... type of query ...
}
}
All aggregation queries take a common form. Let's go over the structure.
The aggregations, or aggs, element allows us to aggregate data. All aggregation requests take the following form:
POST /<index_name>/_search
{
"aggs": {
... type of aggregation ...
},
"query": { ... type of query ... }, //optional query part
"size": 0 //size typically set to 0
}
The aggs element should contain the actual aggregation query. The body depends on the type of aggregation that we want to do. We will cover these aggregations later in this chapter.
The optional query element defines the context of the aggregation. The aggregation considers all of the documents in the given index and type if the query element is not specified (you can imagine it as equivalent to the match_all query when no query is present). If we want to limit the context of the aggregation, it can be done by specifying the query. For example, we may not want to consider all the data for aggregation, but only certain documents that satisfy a particular condition. This query filters the documents to be fed to the actual aggs query.
The size element specifies how many of the search hits should be returned in the response. The default value of size is 10. If size is not specified, the response will contain 10 hits from the context under the query. Typically, if we are only interested in getting aggregation results, we should set the size element to 0, to avoid getting any results, along with the aggregation result.
Broadly, there are four types of aggregations that Elasticsearch supports:
- Bucket aggregations
- Metric aggregations
- Matrix aggregations
- Pipeline aggregations