1

I wrote an Elasticsearch query to get only the top 10 results in descending order:

{
  "aggs": {
    "group_by_user": {
      "terms": {
        "field": "user.raw",
        "size": 10
      }
    }
  }
}

I am getting the following error:

Result window is too large, from + size must be less than or equal to: [10000] but was [10250]

How can I rephrase my query to get the exact result I am looking for? I don't know where I am going wrong.

Thanks in advance.

2
  • Is that your complete query? Commented Jul 12, 2016 at 7:06
  • I hope so. I am not sure whether I need to add more filters or terms in it Commented Jul 12, 2016 at 7:08

2 Answers

2

This size is not the one to look at, but the one at the root of the query:

{
  "size": 10250,
  "aggs": {
    "group_by_user": {
      "terms": {
        "field": "user.raw",
        "size": 10
      }
    }
  }
}

The error message is about that one. Check your query and, potentially, any query parameters of the form ?size=10250....


0

Is there a field called size in your document? Because if not, that's not how you use from/size. If there is indeed a field named size mapped as a number, I don't see any reason this query shouldn't work; it should still give 10 results by default.

Anyway, the correct way of using from/size is:

{
  "from": 0, "size": 10,
  "aggs": {
    "group_by_user": {
      "terms": {
        "field": "user.raw"
      }
    }
  }
}

This will give you 10 results, i.e. results from 0 with a size of 10.

5 Comments

I have applied your concept but I am getting the below error. nested: QueryPhaseExecutionException[Result window is too large, from + size must be less than or equal to: [10000] but was [10250]. See the scroll api for a more efficient way to request large data sets. This limit can be set by changing the [index.max_result_window] index level parameter.]; }
There is no field like size in my document. I thought it was a built-in field.
My requirement is that even if I have 10000k events, I need only the top 10 events among all the events in my index.
I have no idea where it's getting the size "10250" from. Could you post your exact query and some details about the index and what you are trying to search exactly? Anyways, I suggest you forget about the size of the result set for now and focus on getting your query correct, because like I said, no matter how many hits there are for your query, Elasticsearch will only show the first 10 results by default.
I am trying to execute your query using ElasticTab plugin.
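
The check suggested in the first answer (look at the root-level size and at URL parameters, not at the size inside the terms aggregation), as an added example that is not part of the original thread. It computes the effective hits window of a search request and reports where each value came from. The host, index name and function names are hypothetical, and it assumes that a from/size URL parameter overrides the same key in the request body.

```python
import json
from urllib.parse import urlsplit, parse_qs

MAX_RESULT_WINDOW = 10000  # limit quoted in the error message on this page
DEFAULTS = {"from": 0, "size": 10}  # Elasticsearch defaults when neither is set


def effective_window(url, body_json):
    """Return (from, size, origin) for the hits window of a _search request.

    Assumption: a from/size URL parameter overrides the same key at the
    root of the body. Sizes nested under "aggs" are never consulted.
    """
    body = json.loads(body_json) if body_json else {}
    params = parse_qs(urlsplit(url).query)
    window, origin = {}, {}
    for key, default in DEFAULTS.items():
        if key in params:
            window[key], origin[key] = int(params[key][-1]), "url"
        elif key in body:
            window[key], origin[key] = int(body[key]), "body"
        else:
            window[key], origin[key] = default, "default"
    return window["from"], window["size"], origin


def check_request(url, body_json):
    """Return None if the request fits the window, else a diagnostic string."""
    start, size, origin = effective_window(url, body_json)
    if start + size <= MAX_RESULT_WINDOW:
        return None
    return ("from + size = %d exceeds %d (from=%d via %s, size=%d via %s)"
            % (start + size, MAX_RESULT_WINDOW, start, origin["from"],
               size, origin["size"]))


# Constructed sample requests (host and index name are placeholders).
AGG_ONLY = '{"aggs": {"group_by_user": {"terms": {"field": "user.raw", "size": 10}}}}'
ROOT_SIZE = '{"size": 10250, "aggs": {"group_by_user": {"terms": {"field": "user.raw", "size": 10}}}}'

if __name__ == "__main__":
    for url, body in [
        ("http://localhost:9200/myindex/_search", AGG_ONLY),
        ("http://localhost:9200/myindex/_search", ROOT_SIZE),
        ("http://localhost:9200/myindex/_search?size=10250", AGG_ONLY),
        ("http://localhost:9200/myindex/_search?from=10240", AGG_ONLY),
    ]:
        print(url, "->", check_request(url, body) or "ok")
```

Running it against the request a client tool actually sends (URL and body) shows whether the window comes from the body, the URL, or the defaults.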
