With this blog post we begin a comprehensive overview of Elasticsearch metrics aggregations that focuses on Elasticsearch numeric metrics aggregations -- a subset of metrics aggregations that produces numeric values. There are two types of these aggregations in Elasticsearch: single-value aggregations, which output a single value, and multi-value aggregations, which generate multiple metrics.

In the first part of our metrics aggregations series, we'll discuss such single-value metrics aggregations as average and weighted average, min, max, and cardinality. The only multi-value aggregation type discussed in this article is extended stats aggregation. To help you understand how these aggregations work, we'll accompany each description with the corresponding visualization in the Kibana dashboard. Let's get started!

Keep reading

In the past few articles, we have focused on indexing and searching parent-child relationships in elasticsearch. The parent-child functionality allows us to associate one document type with another, in a one-to-many relationship, or one parent to many children. In this tutorial, we continue with parent-child aggregations in elasticsearch.

Keep reading

We have already discussed about indexing parent-child relationships in elasticsearch. We gave realised that the parent-child functionality allows us to associate one document type with another, in a one-to-many relationship—one parent to many children.

For this post, we will be using hosted Elasticsearch on Qbox.io. You can sign up or launch your cluster here, or click "Get Started" in the header navigation. If you need help setting up, refer to "Provisioning a Qbox Elasticsearch Cluster."

The advantages that parent-child has over nested objects are as follows:

  • The parent document can be updated without reindexing the children.

  • Child documents can be added, changed, or deleted without affecting either the parent or other children. This is especially useful when child documents are large in number and need to be added or changed frequently.

  • Child documents can be returned as the results of a search request.

Keep reading

A nested type is a specialized version of the object datatype that allows arrays of objects to be indexed and queried independently of each other. If you need to index arrays of objects and to maintain the independence of each object in the array, you should use the nested datatype instead of the object datatype. Internally, nested objects index each object in the array as a separate hidden document, meaning that each nested object can be queried independently of the others, with the nested query.

Keep reading

We have seen numerous pipeline aggregations in previous posts. Here we discuss another pipeline aggregation called the moving average aggregation and its significance, as well as its application in real-life scenarios.

Keep reading

In this last installment of the pipeline aggregation blog series, we introduce the remaining class of aggregations, which includes the stats, extended stats, and the percentile aggregations. These aggregations are used to get a range of statistics like the average, percentiles, mean square values, and more for the data we have.

Keep reading