Elasticsearch aggregation using a bool filter

Question

I've the following query which works fine on Elasticsearch 1.x but does not work on 2.x (I get doc_count: 0) since the bool filter has been deprecated. It's not quite clear to me how to re-write this query using the new Bool Query.

{
  "aggregations": {
    "events_per_period": {
      "filter": {
        "bool": {
          "must": [
            {
              "terms": {
                "message.facility": [
                  "facility1",
                  "facility2",
                  "facility3"
                ]
              }
            }
          ]
        }
      }
    }
  },
  "size": 0
}

Any help is greatly appreciated.

@AndreiStefan - The query I've above is one I've that returns `doc_count > 0` in 1.x but returns 0 in 2.x. — jeffreyveon, Apr 20 '17 at 05:23
Can you also share the mapping of the `message` field and a sample document? — Andrei Stefan, Apr 20 '17 at 05:24

score 1 · Accepted Answer · edited May 23 '17 at 12:25

I think you might want aggregation on multi fields with filter :- Here I assume filter for id and aggregation on facility1 and facility2 .

{
    "_source":false,
    "query": {
        "match": {
            "id": "value"
        }
    },
    "aggregations": {
        "byFacility1": {
            "terms": {
                "field": "facility1"
            },
            "aggs": {
                "byFacility2": {
                    "terms": {
                        "field": "facility2"
                    }
                }
            }
        }
    }
}

if you want aggregation on three field , check link. For java implementation link2

Elasticsearch aggregation using a bool filter

1 Answers1