Hi, 

I'm a newbie with Elasticsearch. I'm validating Elasticsearch against our 
needs. 

Let's say I want to monitor disk usage of my VMs.
- vm1 and vm2 are in Platform PF_A, vm3 is in platform PF_B

The mapping I declared (can be pasted into Sense):
PUT /example_201408/vm/_mapping
{
    "_timestamp" : {
            "enabled" : true,
            "default" : null
        },
    "properties": {
        "date": {
            "type": "date"
        },
        "platform": {
            "type": "string"
        },
        "disk-used": {
            "type": "float"
        }
    }
}

Once a day, I collect the disk usage for all my VMs and I store the data in 
E.S: 
POST /example_201408/vm/vm1_20140825
{
    "_timestamp": "2014-08-25T14:02:12.000Z",
    "ip": "192.168.0.1",
    "platform" : "pf_A",
    "disk-used": 10
}
POST /example_201408/vm/vm2_20140825
{
    "_timestamp": "2014-08-25T14:02:12.000Z",
    "ip": "192.168.0.2",
    "platform" : "pf_A",
    "disk-used": 30
}
POST /example_201408/vm/vm3_20140825
{
    "_timestamp": "2014-08-25T14:02:12.000Z",
    "ip": "192.168.0.3",
    "platform" : "pf_B",
    "disk-used": 40
}


POST /example_201408/vm/vm1_20140826
{
    "_timestamp": "2014-08-26T14:02:12.000Z",
    "ip": "192.168.0.1",
    "platform" : "pf_A",
    "disk-used": 15
}


I would like to have 

   - *I successfully look up data per IP, grouped by platform (in 
   buckets), at a specified date (now)* using this query:

GET /example_201408/_search?search_type=count&pretty=true
{
  "aggs": {
    "current_pf_statuses": {
      "terms": {
        "field": "platform"
      },
      "aggs": {
        "current_ip_statuses": {
          "terms": {
            "field": "ip"
          },
          "aggs": {
            "current_status_per_pf": {
              "top_hits": {
                "sort": [
                  {
                    "_timestamp": {
                      "order": "desc"
                    }
                  }
                ],
                "size": 1
              }
            }
          }
        }
      }
    }
  }
}



*I don't know how to sum disk-usage per platform at a specified date.*

I imagine I would use the result of the first query in another one that 
would aggregate over the platform field, but I don't know how to do it. 

Is it possible to aggregate data per bucket?



Regards,
Guillaume
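
One way to get the per-platform sum is to compute it on the client from the result of the query above. This is an added example, not part of the original post: the aggregation names come from the query, while the sample response (including its bucket keys) is constructed from the four documents posted above and trimmed to the fields the code reads.

```python
from collections import defaultdict


def _ip_bucket(ip, platform, used, ts):
    """Build one constructed 'ip' bucket holding a single top_hits document."""
    source = {"ip": ip, "platform": platform, "disk-used": used, "_timestamp": ts}
    return {"key": ip,
            "current_status_per_pf": {"hits": {"hits": [{"_source": source}]}}}


# Constructed sample: newest document per ip, as top_hits (size 1, sorted
# by _timestamp desc) would return it. Bucket keys are assumed values.
SAMPLE_RESPONSE = {"aggregations": {"current_pf_statuses": {"buckets": [
    {"key": "pf_a", "current_ip_statuses": {"buckets": [
        _ip_bucket("192.168.0.1", "pf_A", 15, "2014-08-26T14:02:12.000Z"),
        _ip_bucket("192.168.0.2", "pf_A", 30, "2014-08-25T14:02:12.000Z"),
    ]}},
    {"key": "pf_b", "current_ip_statuses": {"buckets": [
        _ip_bucket("192.168.0.3", "pf_B", 40, "2014-08-25T14:02:12.000Z"),
    ]}},
]}}}


def sum_latest_disk_used(response):
    """Sum 'disk-used' of the newest document per ip, grouped by platform."""
    totals = defaultdict(float)
    for pf in response["aggregations"]["current_pf_statuses"]["buckets"]:
        for ip in pf["current_ip_statuses"]["buckets"]:
            hits = ip["current_status_per_pf"]["hits"]["hits"]
            if not hits:
                continue  # bucket without a document: nothing to add
            source = hits[0]["_source"]
            value = source.get("disk-used")
            if value is None:
                continue  # metric missing: skip instead of counting it as 0
            # Group on the stored platform value; fall back to the bucket key.
            totals[source.get("platform", pf["key"])] += float(value)
    return dict(totals)


if __name__ == "__main__":
    print(sum_latest_disk_used(SAMPLE_RESPONSE))
```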