Aggregations

Question 1

How do you count unique values in elastic?

Answer 1

GET < index >/_search
{
   size: 0,
    aggs: {
        "< aggregation name >": {
            "cardinality": {
                field: "< field name >"
}

Question 2

Why should you use aggregations only on keyword fields?

Answer 2

Because analysed fields are broken down into tokens and it would be too expensive to aggregate them.
You get an error if you try saying the process would required uninverting the index which takes a lot of memory.

Question 3

How do remove the documents output in an aggregations query if you’re not interested in seeing the documents, just the counts?

Answer 3

Set “size: 0”.

Question 4

How do you do a sum aggregation?

Answer 4

GET < index >/_search
{
   size: 0,
    aggs: {
        "< aggregation name >": {
            "sum": {
                field: "< field name >"
}

Question 5

How do you do an average aggregation?

Answer 5

GET < index >/_search
{
   size: 0,
    aggs: {
        "< aggregation name >": {
            "avg": {
                field: "< field name >"
}

Question 6

How do you do a terms aggregation and what is it?

Answer 6

It aggregates and counts the values of a field into buckets.

GET < index >/_search
{
   size: 0,
    aggs: {
        "< aggregation name >": {
            "terms": {
                field: "< field name >"
                size: 10,
}

Question 7

What is a date histogram aggregation and how do you do it?

Answer 7

Gives you a count of events by day/month/etc

GET < index >/_search
{
   size: 0,
    aggs: {
        "< aggregation name >": {
            "date_histogram": {
                field: "< field name >" # date field
                calendar_interval: "day|month|etc"
}

TODO: Read more about other types of aggregations.

Question 8

How do you perform nested aggregations?

Answer 8

GET < index >/_search
{
   size: 0,
   aggs: {
     "< agg name >": {
          terms: {
            field: "< fild name >",
         }
         aggs: {
              ....
         }

Question 9

How do you sort your nested aggregations?

Answer 9

agg: {
     "< name >: {
         terms: {
               ....
               order: {
                  "< other aggregation >": "desc|asc"
              }
         },
                "aggs": {
                      "< other aggregation >": ....

Question 10

What are the 2 different types of pipeline aggregation?

Answer 10

• Sibling aggregation

- Parent aggregation

Question 11

How do you perform sibling aggregations?

Answer 11

{
   aggs: {
        < agg name >: { ... },
        < sibbling aggregation name >: {
            "sum_bucket": {
                 buckets_path: "path>to>aggregation>...."

Question 12

What is a sibling aggregation?

Answer 12

Allows you to aggregate the output of an other aggregation. For example, you can bucket the counts with one aggregation and calculate the total with a sibling aggregation by simply adding the result of the buckets.

Question 13

What is a pipeline aggregation?

Answer 13

An aggregation that takes the output of another aggregation as input.

Question 14

What is the difference between sibling and parent aggregation pipeline?

Answer 14

TODO: Do some more research on this because it wasn’t super clear.