1

I want to get the counts for two items in a column from my indexer in elastic search. There is a column called "category" in my indexer and it contains multiple entries. In which I am interested to get 'billing' and 'expenditure' for multiple dates. For which, I have written the below query and it is not working for two values. I can pull a single value either "billing" or "expenditure" but not two at once.

 {"dates": 
{"date_histogram": 
    {"field": "createdDateTime",
        "interval": "day"},

        "aggs": {"fields": 
            {"term": 
                {"field": "type",
                  "include": ["billing", "expenditure"]



                }}}}}

The above code is not working in this case, to make it work I need to change the "include" line to 

"include": "billing"

or "include": "expenditure"

It would be great help, if someone look into this and help.:)

Below answers are working for my post above, now I have come across one more problem with the above post that:

In my 'type' field, I want to filter one more value called "spent on". Here the problem is -- ES considers this two worded word as two terms and the result is not as expected. Please help in this. Just want to filter this two worded word as a single word instead of two.

Improve this question
2
  • @jgr, please check I have edited the post. Please check the last two paras for my updated post. Have a little issue with two worded word. Commented Aug 28, 2015 at 10:58
  • @keety : please check I have edited the post. Please check the last two paras for my updated post. Have a little issue with two worded word. Commented Aug 28, 2015 at 10:59

2 Answers 2

Reset to default
2

From ES docs( https://www.elastic.co/guide/en/elasticsearch/reference/1.5/search-aggregations-bucket-terms-aggregation.html?q=terms%20agg#_filtering_values):

It is possible to filter the values for which buckets will be created. This can be done using the include and exclude parameters which are based on regular expression strings or arrays of exact values [1.5.0] Added in 1.5.0. support for arrays of values.

So its possible to use array since 1.5 version

  "aggs": {
      "aggterm": {
         "terms": {
            "field": "type",
            "include" : ["billing", "expenditure"]
         }
      }
   }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

The include expects a regex pattern. As @jgr pointed out this is true only for versions of elasticsearch < 1.5.0. So for the example provided in query would look something as below for versions < 1.5.0 :

   "aggs": {
      "aggterm": {
         "terms": {
            "field": "type",
            "include" : "billing|expenditure"
         }
      }
   }

If not the example you have in the OP should work

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.