0

I'm struggling to get my aggregations to be restricted to my query. I, of course, tried:

{
    "_source": ["burger.id", "burger.user_name", "burger.timestamp"],
    "query": {
        "query_string": {
            "query": "burger.user_name:Bob"
        }
    },
    "aggs": {
        "burger_count": {
            "cardinality": {
                "field": "burger.id.keyword"
            }
        },
        "min_dtm": {
            "min": {
                "field": "burger.timestamp"
            }
        },
        "max_dtm": {
            "max": {
                "field": "burger.timestamp"
            }
        }
    }
}

I am very set on using "query_string" for filtering, as we have a very nice front-end that allows users to easily build queries that are then turned into a "query_string."

Unfortunately, I have not found a way to combine query_string and aggregations so that the aggregations are only over the results of the query!

I've read through many SO posts about doing this, but they are all very old and outdated as they all suggest the deprecated way of Filtered Queries, but even that doesn't implement query_string.

UPDATE

Here are some example documents. It appears that my results are not being filtered by my query. Is there a setting that I am missing? I also changed all of the fields to be about burgers...

{
    "_index": "burgers",
    "_type": "burger",
    "_id": "123",
    "_score": 5.3759894,
    "_source": {
      "inference": {
        "id": "1",
        "user_name": "Jonathan",
        "timestamp": 1541521691847
      }
    }
  },
  {
    "_index": "burgers",
    "_type": "burger",
    "_id": "456",
    "_score": 5.3759894,
    "_source": {
      "inference": {
        "id": "2",
        "user_name": "Ryan",
        "timestamp": 1542416601153
      }
    }
  },
  {
    "_index": "burgers",
    "_type": "burger",
    "_id": "789",
    "_score": 5.3759894,
    "_source": {
      "inference": {
        "id": "3",
        "user_name": "Grant",
        "timestamp": 1542237715511
      }
    }
  }
WebWanderer
  • 10,380
  • 3
  • 32
  • 51
  • Your query is correct. This will get documents based on you query string and then all the aggregations will run the this set of documents. – Nishant Feb 01 '19 at 03:27
  • @NishantSaini The results are the same no matter what the query, and I have many users. – WebWanderer Feb 01 '19 at 03:28
  • Can you add minimal and verifiable example where the issue can be replicated as I don't see any issue with the query. Also what the version of elasticsearch you are using? – Nishant Feb 01 '19 at 03:31
  • Not sure what more I can provide, legally, but we are using 6.4. – WebWanderer Feb 01 '19 at 03:33
  • Actually, maybe not. Let me check on that. – WebWanderer Feb 01 '19 at 03:35
  • 1
    If you could add a few sample docs (2 or 3) against which if I run the above query, it gives the result which was not expected. – Nishant Feb 01 '19 at 03:38
  • We have ES 5.1.1, Lucene 6.3.0. I could try to come up with some sample docs. I need to be very careful to not reveal any of our data. – WebWanderer Feb 04 '19 at 13:07
  • I just noticed an issue in my result set. My results are not being filtered to `burger.user_name:Bob`. I got back multiple users. Is there a setting I am missing for "match all?" – WebWanderer Feb 04 '19 at 13:25
  • @NishantSaini I've added the example documents – WebWanderer Feb 04 '19 at 13:32

1 Answers1

0

Found my answer! It appears that the issue was caused by querying the text field of burger.user_name instead of the keyword field: burger.user_name.keyword. Changing my query_string to use the keyword for each text field solved my issue.

{
    "_source": ["burger.id", "burger.user_name", "burger.timestamp"],
    "query": {
        "query_string": {
            "query": "burger.user_name.keyword:Bob"
        }
    },
    "aggs": {
        "burger_count": {
            "cardinality": {
                "field": "burger.id.keyword"
            }
        },
        "min_dtm": {
            "min": {
                "field": "burger.timestamp"
            }
        },
        "max_dtm": {
            "max": {
                "field": "burger.timestamp"
            }
        }
    }
}

This SO answer gives a great, brief explanation why.

WebWanderer
  • 10,380
  • 3
  • 32
  • 51