.subAggregation(AggregationBuilders.terms("streams").field(Message.FIELD_STREAMS)); final String query = searchSource() .aggregation(builder) .size(0) .toString();
searchSourceBuilder.aggregation(AggregationBuilders.count(AGG_VALUE_COUNT).field(field)); searchSourceBuilder.aggregation(AggregationBuilders.extendedStats(AGG_EXTENDED_STATS).field(field)); searchSourceBuilder.aggregation(AggregationBuilders.cardinality(AGG_CARDINALITY).field(field)); searchSourceBuilder.aggregation(filterBuilder);
public TermsResult terms(String field, List<String> stackedFields, int size, String query, String filter, TimeRange range, Sorting.Direction sorting) { final Terms.Order termsOrder = sorting == Sorting.Direction.DESC ? Terms.Order.count(false) : Terms.Order.count(true); final SearchSourceBuilder searchSourceBuilder = filteredSearchRequest(query, filter, range); searchSourceBuilder.aggregation(createTermsBuilder(field, stackedFields, size, termsOrder)); searchSourceBuilder.aggregation(AggregationBuilders.missing("missing") .field(field)); final Set<String> affectedIndices = determineAffectedIndices(range, filter); if (affectedIndices.isEmpty()) { return TermsResult.empty(query, searchSourceBuilder.toString()); } final Search.Builder searchBuilder = new Search.Builder(searchSourceBuilder.toString()) .ignoreUnavailable(true) .allowNoIndices(true) .addType(IndexMapping.TYPE_MESSAGE) .addIndex(affectedIndices); final io.searchbox.core.SearchResult searchResult = wrapInMultiSearch(searchBuilder.build(), () -> "Unable to perform terms query"); recordEsMetrics(searchResult, range); final TermsAggregation termsAggregation = searchResult.getAggregations().getFilterAggregation(AGG_FILTER).getTermsAggregation(AGG_TERMS); final MissingAggregation missing = searchResult.getAggregations().getMissingAggregation("missing"); return new TermsResult( termsAggregation, missing.getMissing(), searchResult.getTotal(), query, searchSourceBuilder.toString(), tookMsFromSearchResult(searchResult), // Concat field and stacked fields into one fields list ImmutableList.<String>builder().add(field).addAll(stackedFields).build() ); }
.aggregation(histogramBuilder);
searchRequest.source().aggregation(aggregationBuilder); searchRequest.source().aggregation(aggregatedFacet.getFacet());
public HistogramResult histogram(String query, DateHistogramInterval interval, String filter, TimeRange range) { final DateHistogramAggregationBuilder histogramBuilder = AggregationBuilders.dateHistogram(AGG_HISTOGRAM) .field(Message.FIELD_TIMESTAMP) .dateHistogramInterval(interval.toESInterval()); final SearchSourceBuilder searchSourceBuilder = filteredSearchRequest(query, filter, range) .aggregation(histogramBuilder); final Set<String> affectedIndices = determineAffectedIndices(range, filter); if (affectedIndices.isEmpty()) { return DateHistogramResult.empty(query, searchSourceBuilder.toString(), interval); } final Search.Builder searchBuilder = new Search.Builder(searchSourceBuilder.toString()) .addType(IndexMapping.TYPE_MESSAGE) .addIndex(affectedIndices) .ignoreUnavailable(true) .allowNoIndices(true); final io.searchbox.core.SearchResult searchResult = wrapInMultiSearch(searchBuilder.build(), () -> "Unable to retrieve histogram"); recordEsMetrics(searchResult, range); final HistogramAggregation histogramAggregation = searchResult.getAggregations().getHistogramAggregation(AGG_HISTOGRAM); return new DateHistogramResult( histogramAggregation, query, searchSourceBuilder.toString(), interval, tookMsFromSearchResult(searchResult) ); }
/** * Adds an aggregation to the search operation. */ public SearchRequestBuilder addAggregation(PipelineAggregationBuilder aggregation) { sourceBuilder().aggregation(aggregation); return this; }
/** * Adds an aggregation to the search operation. */ public SearchRequestBuilder addAggregation(AggregationBuilder aggregation) { sourceBuilder().aggregation(aggregation); return this; }
.aggregation(dateHistogramBuilder);
.size(size) ); searchSourceBuilder.aggregation(builder);
/** * Builds a group search request. * @param groupRequest The Metron group request. * @param queryBuilder The search query. * @return An Elasticsearch search request. */ private org.elasticsearch.action.search.SearchRequest buildGroupRequest( GroupRequest groupRequest, QueryBuilder queryBuilder) { // handle groups TermsAggregationBuilder groups = getGroupsTermBuilder(groupRequest, 0); final SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder() .query(queryBuilder) .aggregation(groups); // return the search request String[] indices = wildcardIndices(groupRequest.getIndices()); return new org.elasticsearch.action.search.SearchRequest() .indices(indices) .source(searchSourceBuilder); }
TermsAggregationBuilder terms = AggregationBuilders.terms( name).field(field); searchBuilder.aggregation(terms);
ssb.aggregation(AggregationBuilders.terms(aggregation.getName()).field(aggregation.getField()));
/** * Adds an aggregation to the search operation. */ public SearchRequestBuilder addAggregation(PipelineAggregationBuilder aggregation) { sourceBuilder().aggregation(aggregation); return this; }
ssb.aggregation(AggregationBuilders.terms(aggregation.getName()).field(aggregation.getField()));
ssb.aggregation(AggregationBuilders.terms(aggregation.getName()).field(aggregation.getField()));
/** * Adds an aggregation to the search operation. */ public SearchRequestBuilder addAggregation(PipelineAggregationBuilder aggregation) { sourceBuilder().aggregation(aggregation); return this; }
/** * Adds an aggregation to the search operation. */ public SearchRequestBuilder addAggregation(AggregationBuilder aggregation) { sourceBuilder().aggregation(aggregation); return this; }
private static void setStatsAggregation(SearchSourceBuilder searchSource, StatsAggregation aggregation, Boolean value) { if (!value) { return; } StatsAggregationBuilder statsAggregation = new StatsAggregationBuilder(aggregation.name()).field(aggregation.field()); searchSource.aggregation(statsAggregation); }
protected SearchRequest getCardinalityRequest(FilterJoinNode node, ActionRequest parentRequest) { String[] lookupIndices = node.getLookupIndices(); String[] lookupTypes = node.getLookupTypes(); String lookupPath = node.getLookupPath(); // Build the search source with the aggregate definition SearchSourceBuilder sourceBuilder = new SearchSourceBuilder(); sourceBuilder.size(0).aggregation(AggregationBuilders.cardinality(lookupPath).field(lookupPath)); // Build search request with reference to the parent request SearchRequest searchRequest = new SearchRequest(parentRequest); searchRequest.indices(lookupIndices).types(lookupTypes).source(sourceBuilder); return searchRequest; }