1

I would like to make buckets based of keyword-occurences in a field.

I checked elasticsearch documentation and found Filters Aggregation should be a good fit: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-filters-aggregation.html#search-aggregations-bucket-filters-aggregation

Currently we're using bodybuilder.js to build queries. I found in the source code (https://github.com/danpaz/bodybuilder/blob/master/src/aggregation-builder.js#L87) an undocumented function:

bodybuilder()
     .aggregation('terms', 'title', {
         _meta: { color: 'blue' }
         }, 'titles')
        .build()

what results in:

{
  "aggs": {
    "titles": {
      "terms": {
        "field": "title"
      },
      "meta": {
        "color": "blue"
      }
    }
  }
}

But that's actually not the same structure like described in ES documentation:

GET logs/_search
{
  "size": 0,
  "aggs" : {
    "messages" : {
      "filters" : {
        "filters" : [
          { "match" : { "body" : "error"   }},
          { "match" : { "body" : "warning" }}
        ]
      }
    }
  }
}

Any idea how to achieve Filters Aggregations with bodybuilder.js ?

Phil
  • 325
  • 1
  • 2
  • 7

2 Answers2

1

This is not a solution for bodybuilder.js but one for javascript using a library - very similar to bodybuilder.js. Its called elastic-builder.js.

Regarding your question this code: 

esb.requestBodySearch()
    .agg(esb.filtersAggregation('messages')
    .filter('errors', esb.matchQuery('body', 'error'))
    .filter('warnings', esb.matchQuery('body', 'warning')));

will give you this response:

{
  "aggs": {
    "messages": {
      "filters": {
        "filters": {
          "errors": { "match": { "body": "error" }},
          "warnings": { "match": { "body": "warning" }}
        }
      }
    }
  }
}

It looks like bodybuilder.js is mostly build for queries and its easier to use for such purpose. If you want more control without the heavy json overhead elastic-builder could be a solution.

Tobias Sarnow
  • 1,076
  • 2
  • 12
  • 40
0

We can do it like this in bodybuilder.js:

bodybuilder().aggregation('filters', {
    "filters": {
        "errors": { "term": { "body": "error" } },
        "warnings": { "term": { "body": "warning" } }
    }
}, 'messages').build();

above code will generate the query:

{
  "aggs" : {
    "messages" : {
      "filters" : {
        "filters" : {
          "errors" :   { "term" : { "body" : "error"   }},
          "warnings" : { "term" : { "body" : "warning" }}
        }
      },
    }
  }
}
H_H
  • 1,460
  • 2
  • 15
  • 30