1

My query search result is of following structure

[   
     {
        "_index" : "xxxx",
        "_type" : "status",
        "_id" : "01xxxxxxxxxxx",
        "_score" : 6.297049,
        "_source" : {
          "messageDetail" : {
            "errors" : [
              {
                "errorMessage" : ".metaData should have required property 'schemaVersion'"
              }
            ]
          }
        }
      },
      {
        "_index" : "xxxx",
        "_type" : "status",
        "_id" : "076XXXXxxx",
        "_score" : 6.297049,
        "_source" : {
          "messageDetail" : {
            "errors" : [
              {
                "errorMessage" : ".metaData should have required property 'scenarioName'"
              }
            ]
          }
        }
      },
...]

I would like to aggregate over messageDetail.errors.errorMessage and create a map alike structure that will hold the different error messages and their number of occurrence in a key-value pair.

P.S. - messageDetail.error is an array of single object.

Can someone please provide any query for the same.

Improve this question
0

1 Answer 1

Reset to default
1

Adding a working example with index data (used same as that given in question), index mapping, search query, and search result

Index Mapping:

{
  "mappings": {
    "properties": {
      "messageDetail": {
        "properties": {
          "errors": {
            "properties": {
              "errorMessage": {
                "type": "keyword"
              }
            }
          }
        }
      }
    }
  }
}

Search Query

{
    "size": 0, 
    "aggs" : {
        "states" : {
            "terms" : { 
                "field" : "messageDetail.errors.errorMessage"
            }
        }
    }
}

Search Result:

"aggregations": {
    "states": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": ".metaData should have required property 'scenarioName'",
          "doc_count": 1
        },
        {
          "key": ".metaData should have required property 'schemaVersion'",
          "doc_count": 1
        }
      ]
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thanks for answering. Can you please suggest if I don't have control over the mapping?
@banerjeesouvik thanks for your reply. It would be great if you can share your index mapping (which you are using), only then I can comment if the above results can be achieved using your mapping or not :)
thanks for your answer. the requirement got changed, so I did not follow up on this anymore. thanks again for your help.
@banerjeesouvik no problem :) Can you please accept my answer as well (if it helped you resolve your previous requirement)
Thank u @banerjeesouvik for accepting my answer 🙂 Hope you have upvoted my answer as well 🙂

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.