Filter aggregation

Why would you want to use filter aggregation? Filter aggregation allows you to create a single bucket using any arbitrary filter and computes the metrics within that bucket. 

For example, if we wanted to create a bucket of all the records for the Chat category, we could use a term filter. Here, we want to create a bucket of all records that have category = Chat:

POST /bigginsight/_search?size=0
{
 "aggs": {
   "chat": {
     "filter": {
       "term": {
         "category": "Chat"
       }
     }
   }
 }
}

The response should look like the following:

{
  "took": 4,
  ...,
  "hits": {
    "total" : {
      "value" : 10000,
      "relation" : "gte"
    },
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "chat": {
      "doc_count": 52277
    }
  }
}

As you can see, the aggregations element contains just one item, corresponding to the Chat category. It has 52277 documents. This response can be seen as a subset of the terms aggregation response, which contained all the categories, apart from Chat.

Let's look at filters aggregation next, which allows you to bucket on more than one custom filter.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.135.196.234