Hi,

I am trying to use the filters aggregation of Elasticsearch:
https://www.elastic.co/guide/en/elasticsearch/reference/2.2/search-aggregations-bucket-filters-aggregation.html


As documented on the Elasticsearch page, I made the following query through
Zeppelin:

{
  "aggs" : {
    "messages" : {
      "filters" : {
        "filters" : {
          "error" : { "term" : { "logLevel" : "error" }},
          "trace" : { "term" : { "logLevel" : "trace" }}
        }
      },
      "aggs" : {
        "messages_over_time" : {
          "date_histogram" : {
            "field" : "timestamp",
            "interval" : "day",
            "format" : "yyyy-MM-dd"
          }
        }
      }
    }
  }
}

but the response only contained the fields 'key' and 'doc_count', whereas
if I run the same query through Elasticsearch's REST interface, I get the
following result:

  "aggregations": {
    "messages": {
      "buckets": {
        "error": {
          "doc_count": 57,
          "messages_over_time": {
            "buckets": [
              {
                "key_as_string": "2016-03-21",
                "key": 1458518400000,
                "doc_count": 1
              },
              {
                "key_as_string": "2016-03-22",
                "key": 1458604800000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-03-23",
                "key": 1458691200000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-03-24",
                "key": 1458777600000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-03-25",
                "key": 1458864000000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-03-26",
                "key": 1458950400000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-03-27",
                "key": 1459036800000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-03-28",
                "key": 1459123200000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-03-29",
                "key": 1459209600000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-03-30",
                "key": 1459296000000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-03-31",
                "key": 1459382400000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-04-01",
                "key": 1459468800000,
                "doc_count": 8
              },
              {
                "key_as_string": "2016-04-02",
                "key": 1459555200000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-04-03",
                "key": 1459641600000,
                "doc_count": 0
              },
              {
                "key_as_string": "2016-04-04",
                "key": 1459728000000,
                "doc_count": 48
              }
            ]
          }
        },
        "trace": {
          "doc_count": 372,
          "messages_over_time": {
            "buckets": [
              {
                "key_as_string": "2016-04-04",
                "key": 1459728000000,
                "doc_count": 372
              }
            ]
          }
        }
      }
    }

As expected, it has the time series of the 'error' and 'trace' messages.

Is there any limitation in the Elasticsearch interpreter which does not allow
parsing of complex responses?

Regards,
Ashish
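To make the shape of the "complex response" in this post concrete, here is an added example (not Zeppelin's interpreter code and not part of the original message) that walks an Elasticsearch aggregation response depth-first and turns every leaf bucket into a flat row, which is the kind of tabular result a notebook interpreter would need to produce. It goes slightly beyond the post's case: it handles both keyed buckets (the object the filters aggregation returns when its filters are named) and array buckets (date_histogram, terms), and nesting of any depth. The SAMPLE_RESPONSE below is a constructed, abbreviated copy of the response quoted above; the function names are this example's own.

```python
import json
from typing import Any, Dict, Iterator, List, Tuple

# Constructed sample: an abbreviated copy of the response shape shown in the
# post (only the non-zero day buckets are kept; parent doc_counts are unchanged).
SAMPLE_RESPONSE: Dict[str, Any] = {
    "aggregations": {
        "messages": {
            "buckets": {
                "error": {
                    "doc_count": 57,
                    "messages_over_time": {
                        "buckets": [
                            {"key_as_string": "2016-03-21", "key": 1458518400000, "doc_count": 1},
                            {"key_as_string": "2016-04-01", "key": 1459468800000, "doc_count": 8},
                            {"key_as_string": "2016-04-04", "key": 1459728000000, "doc_count": 48},
                        ]
                    },
                },
                "trace": {
                    "doc_count": 372,
                    "messages_over_time": {
                        "buckets": [
                            {"key_as_string": "2016-04-04", "key": 1459728000000, "doc_count": 372}
                        ]
                    },
                },
            }
        }
    }
}


def _iter_buckets(buckets: Any) -> Iterator[Tuple[Any, Dict[str, Any]]]:
    """Yield (key, bucket_body) pairs regardless of whether Elasticsearch
    returned a keyed object (named filters) or an array (date_histogram, terms).
    For array buckets the human-readable key_as_string is preferred over the
    epoch-millisecond key when present."""
    if isinstance(buckets, dict):
        for key, body in buckets.items():
            yield key, body
    else:
        for body in buckets:
            yield body.get("key_as_string", body.get("key")), body


def _sub_aggs(body: Dict[str, Any]) -> Dict[str, Any]:
    """Return the bucket aggregations nested inside one bucket body."""
    return {k: v for k, v in body.items() if isinstance(v, dict) and "buckets" in v}


def flatten_aggs(aggs: Dict[str, Any], path: Tuple[Tuple[str, Any], ...] = ()) -> List[Dict[str, Any]]:
    """Walk nested bucket aggregations depth-first and return one row per leaf
    bucket. Each row maps every aggregation name on the path to that level's
    bucket key and carries the leaf's doc_count, e.g.
    {'messages': 'error', 'messages_over_time': '2016-03-21', 'doc_count': 1}."""
    rows: List[Dict[str, Any]] = []
    for agg_name, agg_body in aggs.items():
        if not isinstance(agg_body, dict) or "buckets" not in agg_body:
            continue  # metric aggregations (avg, sum, ...) have no buckets; not covered here
        for key, body in _iter_buckets(agg_body["buckets"]):
            keys = path + ((agg_name, key),)
            nested = _sub_aggs(body)
            if nested:
                rows.extend(flatten_aggs(nested, keys))
            else:
                row: Dict[str, Any] = dict(keys)
                row["doc_count"] = body.get("doc_count", 0)
                rows.append(row)
    return rows


def parse_response(text: str) -> List[Dict[str, Any]]:
    """Parse a raw JSON response body and flatten its 'aggregations' section."""
    return flatten_aggs(json.loads(text).get("aggregations", {}))


def leaf_totals(rows: List[Dict[str, Any]], top_level: str) -> Dict[Any, int]:
    """Sum leaf doc_counts per top-level bucket; a consistency check against the
    parent bucket's own doc_count (57 for 'error', 372 for 'trace' in the post)."""
    totals: Dict[Any, int] = {}
    for row in rows:
        totals[row[top_level]] = totals.get(row[top_level], 0) + row["doc_count"]
    return totals


if __name__ == "__main__":
    for row in parse_response(json.dumps(SAMPLE_RESPONSE)):
        print(row)
    print(leaf_totals(flatten_aggs(SAMPLE_RESPONSE["aggregations"]), "messages"))
```

The flattener keys each row by aggregation name, so the top-level filter name ('error' or 'trace') and the day bucket both survive as columns instead of being collapsed to a single 'key'/'doc_count' pair. The leaf_totals check is a cheap way to confirm nothing was dropped while flattening: the per-day counts for each filter should add up to that filter's own doc_count.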
