WoJ

Why does adding a date range filter disable aggs?

Please note that I had to move the size, which limits the number of returned elements, into the scope of the first query. I do not understand why I need to do that: if I leave it at the same level as query and aggs (like in the first -successful- example), I am not limited anymore to 1 element but I get the default 10 (so size is not taken into account and I still do not get aggs anyway).

Why does adding a date range disable aggs?

I have documents of the type:

{
  "host-ip": "192.168.0.1",
  "HOST_END_iso": "2016-02-19T09:30:41+01:00"
}

I successfully query ES to get one random entry and an aggregation of host-ip:

{
   "query": {
      "match_all": {}
   },
   "size": 1,
   "aggs": {
      "rating": {
         "terms": {
            "field": "host-ip",
            "size": 0,
            "shard_size": 0
         }
      }
   }
}

I now want to filter the results and get the documents between two dates. The query part gets more complicated:

{
   "query": {
      "filtered": {
         "filter": {
            "query": {
               "match_all": {}
            },
            "terms": {
               "range": {
                  "HOST_END_iso": {
                     "gt": "2015-02-19T09:30:41+01:00",
                     "lt": "2016-02-19T09:30:41+01:00"
                  }
               }
            }
         }
      },
      "size": 1
   },
   "aggs": {
      "rating": {
         "terms": {
            "field": "host-ip",
            "size": 0,
            "shard_size": 0
         }
      }
   }
}

There is one record returned, but no aggregations. Why?

Please note that I had to move the size, which limits the number of returned elements, into the scope of the first query. I do not understand why I need to do that: if I leave it at the same level as query and aggs (like in the first -successful- example), I am not limited anymore to 1 element (and still do not get aggs).