WARNING: Version 5.0 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Bucket Selector Aggregation
editBucket Selector Aggregation
editThis functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A parent pipeline aggregation which executes a script which determines whether the current bucket will be retained
in the parent multi-bucket aggregation. The specified metric must be numeric and the script must return a boolean value.
If the script language is expression
then a numeric return value is permitted. In this case 0.0 will be evaluated as false
and all other values will evaluate to true.
Note: The bucket_selector aggregation, like all pipeline aggregations, executions after all other sibling aggregations. This means that using the bucket_selector aggregation to filter the returned buckets in the response does not save on execution time running the aggregations.
Syntax
editA bucket_selector
aggregation looks like this in isolation:
{ "bucket_selector": { "buckets_path": { "my_var1": "the_sum", "my_var2": "the_value_count" }, "script": "params.my_var1 > params.my_var2" } }
Here, |
Table 12. bucket_selector
Parameters
Parameter Name | Description | Required | Default Value |
---|---|---|---|
|
The script to run for this aggregation. The script can be inline, file or indexed. (see Scripting for more details) |
Required |
|
|
A map of script variables and their associated path to the buckets we wish to use for the variable
(see |
Required |
|
|
The policy to apply when gaps are found in the data (see Dealing with gaps in the data for more details) |
Optional, defaults to |
The following snippet only retains buckets where the total sales for the month is more than 400:
POST /sales/_search { "size": 0, "aggs" : { "sales_per_month" : { "date_histogram" : { "field" : "date", "interval" : "month" }, "aggs": { "total_sales": { "sum": { "field": "price" } }, "sales_bucket_filter": { "bucket_selector": { "buckets_path": { "totalSales": "total_sales" }, "script": "params.totalSales > 200" } } } } } }
And the following may be the response:
{ "took": 11, "timed_out": false, "_shards": ..., "hits": ..., "aggregations": { "sales_per_month": { "buckets": [ { "key_as_string": "2015/01/01 00:00:00", "key": 1420070400000, "doc_count": 3, "total_sales": { "value": 550.0 } }, { "key_as_string": "2015/03/01 00:00:00", "key": 1425168000000, "doc_count": 2, "total_sales": { "value": 375.0 }, } ] } } }