
Introduction to Aggregations in Elasticsearch

What are Aggregations?

Aggregations in Elasticsearch allow you to perform advanced data analysis and extract statistical and other types of information from your data. They are analogous to SQL's GROUP BY clauses but are much more powerful and flexible.

Types of Aggregations

Elasticsearch supports several types of aggregations:

  • Metric Aggregations: Calculate metrics such as sum, average, min, and max.
  • Bucketing Aggregations: Group documents into buckets based on field values, ranges, or other criteria.
  • Pipeline Aggregations: Aggregate the results of other aggregations.
  • Matrix Aggregations: Perform matrix operations on numeric fields.

Basic Example of Metric Aggregation

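Let's start with a simple metric aggregation that calculates the average age of users in an Elasticsearch index. Setting size=0 in the request suppresses the matching documents, so the response carries only the aggregation result under "aggregations". The request is shown first, followed by a sample response.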

POST /users/_search?size=0
{
  "aggs": {
    "average_age": {
      "avg": {
        "field": "age"
      }
    }
  }
}

{
  "took": 15,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 1000,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "average_age": {
      "value": 29.5
    }
  }
}
                    

Basic Example of Bucketing Aggregation

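Now let's see an example of a bucketing aggregation that groups users by age ranges. In a range aggregation, each range includes its "from" value and excludes its "to" value, so a user aged exactly 30 falls into the 30-40 bucket.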

POST /users/_search?size=0
{
  "aggs": {
    "age_ranges": {
      "range": {
        "field": "age",
        "ranges": [
          { "to": 20 },
          { "from": 20, "to": 30 },
          { "from": 30, "to": 40 },
          { "from": 40 }
        ]
      }
    }
  }
}

{
  "took": 10,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 1000,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "age_ranges": {
      "buckets": [
        {
          "key": "*-20",
          "to": 20,
          "doc_count": 150
        },
        {
          "key": "20-30",
          "from": 20,
          "to": 30,
          "doc_count": 400
        },
        {
          "key": "30-40",
          "from": 30,
          "to": 40,
          "doc_count": 300
        },
        {
          "key": "40-*",
          "from": 40,
          "doc_count": 150
        }
      ]
    }
  }
}
                    

Combining Aggregations

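You can combine multiple aggregations to perform more complex queries by nesting an "aggs" block inside a bucketing aggregation; the nested aggregation is then computed separately for each bucket. For example, you can calculate the average age within each age range group: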

POST /users/_search?size=0
{
  "aggs": {
    "age_ranges": {
      "range": {
        "field": "age",
        "ranges": [
          { "to": 20 },
          { "from": 20, "to": 30 },
          { "from": 30, "to": 40 },
          { "from": 40 }
        ]
      },
      "aggs": {
        "average_age": {
          "avg": {
            "field": "age"
          }
        }
      }
    }
  }
}

{
  "took": 12,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 1000,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "age_ranges": {
      "buckets": [
        {
          "key": "*-20",
          "to": 20,
          "doc_count": 150,
          "average_age": {
            "value": 18.5
          }
        },
        {
          "key": "20-30",
          "from": 20,
          "to": 30,
          "doc_count": 400,
          "average_age": {
            "value": 25.0
          }
        },
        {
          "key": "30-40",
          "from": 30,
          "to": 40,
          "doc_count": 300,
          "average_age": {
            "value": 35.0
          }
        },
        {
          "key": "40-*",
          "from": 40,
          "doc_count": 150,
          "average_age": {
            "value": 45.0
          }
        }
      ]
    }
  }
}
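
The checks a client should make before trusting the response above, as an added Python example that is not part of the original tutorial: it rejects partial results (a timed-out search or failed shards still returns aggregations, just over fewer documents) and reports how many matched documents landed in no bucket. The function and exception names are hypothetical, and the sample input is this page's combined response, compacted.

```python
import json

# Constructed sample: the combined-aggregation response from this page, compacted.
SAMPLE = json.loads("""
{"took": 12, "timed_out": false,
 "_shards": {"total": 5, "successful": 5, "skipped": 0, "failed": 0},
 "hits": {"total": {"value": 1000, "relation": "eq"}, "max_score": null, "hits": []},
 "aggregations": {"age_ranges": {"buckets": [
   {"key": "*-20", "to": 20, "doc_count": 150, "average_age": {"value": 18.5}},
   {"key": "20-30", "from": 20, "to": 30, "doc_count": 400, "average_age": {"value": 25.0}},
   {"key": "30-40", "from": 30, "to": 40, "doc_count": 300, "average_age": {"value": 35.0}},
   {"key": "40-*", "from": 40, "doc_count": 150, "average_age": {"value": 45.0}}]}}}
""")


class PartialResultError(Exception):
    """The response does not cover every shard, so aggregates may undercount."""


def read_range_avg(resp, agg="age_ranges", metric="average_age"):
    """Return (rows, unbucketed) after checking that the response is complete.

    rows is a list of (bucket key, doc_count, average) tuples. unbucketed is
    the number of matched documents that fell into no bucket (for example,
    documents without the aggregated field), or None when the total hit
    count is only a lower bound.
    """
    shards = resp["_shards"]
    if resp.get("timed_out") or shards["failed"] > 0:
        raise PartialResultError(
            f"timed_out={resp.get('timed_out')} failed_shards={shards['failed']}")
    rows = []
    for bucket in resp["aggregations"][agg]["buckets"]:
        # avg over an empty bucket is JSON null (None here); keep it distinct from 0.
        rows.append((bucket["key"], bucket["doc_count"], bucket[metric]["value"]))
    total = resp["hits"]["total"]
    unbucketed = None
    if total["relation"] == "eq":  # "gte" is a lower bound, so it cannot be compared
        unbucketed = total["value"] - sum(count for _, count, _ in rows)
    return rows, unbucketed


if __name__ == "__main__":
    for row in read_range_avg(SAMPLE)[0]:
        print(row)
```
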
                    

Conclusion

Aggregations in Elasticsearch are a powerful tool for performing data analysis. They allow you to calculate metrics, group data into buckets, and combine various aggregations to extract valuable insights from your data. This tutorial covered the basics, but there are many more advanced features and optimizations that you can explore in the Elasticsearch documentation.