Elastic - Is it possible to change the scope of a nested aggregation?

Context

Elastic 6.0.0

I have the following structure:

{
  "age": 24,
  "blood": 450,
  "iv": 700,
  "job": "boss",
  "damage": "cut,
  "complications": {
    "days": 4
  },
  "diagnostics": [
    {"flavour": "lemon"}, {"flavour": "coco"}
  ]
}

I have been trying different aggregations, always aggregating average fields at the end, like this.

And the results return fine, actually great. As you can see in the link, the averages aggregations at the end is the most crucial part of the whole aggregation. scheme.

So far, I have find out that they must be the last step of the process. Otherwise, I wouldn't get the correct averages values for the desired level of data aggregation.

Problem

My issue comes at the point where I have to add a nested aggregation, example here.

If I add the nested aggregation (grouping for diagnostic flavours) at the end of the aggregation scheme, and then add the averages aggregation as another aggregation over the nested aggregation, all I get is null values. Which is completely correct!, given that nor blood, nor iv fields are part of the nested diagnostics field.

Question

is there a way to change the "scope" of the averages aggregation so that it can calculate the averages over the fields of the main object, and not the nested one, while I keep the nested aggregation in the scheme?

I have searched through the documentation, but no one seems to get my problem, so I'm thinking that maybe there's something wrong in what I'm doing.

2 answers

  • answered 2018-03-13 21:19 Andrei Stefan

    I would have loved to see a desired output, because I am not sure I understood the requirement. I attempted a trivial solution, but as I said, you were not explaining this right.

      "aggs": {
        "job": {
          "terms": {
            "field": "job"
          },
          "aggs": {
            "damage": {
              "terms": {
                "field": "damage"
              },
              "aggs": {
                "nested_diagnostic_flavour": {
                  "nested": {
                    "path": "diagnostics"
                  },
                  "aggs": {
                    "flavour": {
                      "terms": {
                        "field": "diagnostics.flavour"
                      }
                    }
                  }
                },
                "iv": {
                  "avg": {
                    "field": "iv"
                  }
                },
                "blood": {
                  "avg": {
                    "field": "blood"
                  }
                }
              }
            }
          }
        }
      }
    

  • answered 2018-03-13 21:19 ekauffmann

    As somebody already said, what you need is the reverse_nested aggregation. According to the documentation, it's exactly the thing for "changing scopes" in subaggregations. Based on what you have explained, I think you need to supply the empty object to the reverse_nested aggregation.

    I hope this puts you in the right track for solving your problem.