Hello,

You are right, there are some limitations with the Elasticsearch interpreter. I have developed it and I am going to check how I can change the component to take into account this kind of more complex request.

Regards,
Bruno

2016-04-19 18:53 GMT+02:00 ashish rawat <dceash...@gmail.com>:

> Hi,
>
> I am trying to use the filters aggregation of elastic search
>
> https://www.elastic.co/guide/en/elasticsearch/reference/2.2/search-aggregations-bucket-filters-aggregation.html
>
> As documented on the elastic page, I made the following query through
> zeppelin
>
> {
>   "aggs" : {
>     "messages" : {
>       "filters" : {
>         "filters" : {
>           "error" : { "term" : { "logLevel" : "error" }},
>           "trace" : { "term" : { "logLevel" : "trace" }}
>         }
>       },
>       "aggs" : {
>         "messages_over_time" : {
>           "date_histogram" : {
>             "field" : "timestamp",
>             "interval" : "day",
>             "format" : "yyyy-MM-dd"
>           }
>         }
>       }
>     }
>   }
> }
>
> but the response only contained the fields: 'key' and 'doc_count', whereas
> if I run the same query through elastic's rest interface, I get the
> following result
>
> "aggregations": {
>   "messages": {
>     "buckets": {
>       "error": {
>         "doc_count": 57,
>         "messages_over_time": {
>           "buckets": [
>             {
>               "key_as_string": "2016-03-21",
>               "key": 1458518400000,
>               "doc_count": 1
>             },
>             {
>               "key_as_string": "2016-03-22",
>               "key": 1458604800000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-03-23",
>               "key": 1458691200000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-03-24",
>               "key": 1458777600000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-03-25",
>               "key": 1458864000000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-03-26",
>               "key": 1458950400000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-03-27",
>               "key": 1459036800000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-03-28",
>               "key": 1459123200000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-03-29",
>               "key": 1459209600000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-03-30",
>               "key": 1459296000000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-03-31",
>               "key": 1459382400000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-04-01",
>               "key": 1459468800000,
>               "doc_count": 8
>             },
>             {
>               "key_as_string": "2016-04-02",
>               "key": 1459555200000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-04-03",
>               "key": 1459641600000,
>               "doc_count": 0
>             },
>             {
>               "key_as_string": "2016-04-04",
>               "key": 1459728000000,
>               "doc_count": 48
>             }
>           ]
>         }
>       },
>       "trace": {
>         "doc_count": 372,
>         "messages_over_time": {
>           "buckets": [
>             {
>               "key_as_string": "2016-04-04",
>               "key": 1459728000000,
>               "doc_count": 372
>             }
>           ]
>         }
>       }
>     }
>   }
>
> as expected, it has the timeseries of the 'error' and 'trace' messages.
>
> Is there any limitation in elastic search interpreter which does not allow
> parsing of complex responses?
>
> Regards,
> Ashish
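
To keep the per-filter time series in a table view, a client has to walk the nested buckets instead of reading only the top-level 'key' and 'doc_count'. The sketch below is an added example, not part of this thread and not the Zeppelin interpreter's code; the names `iter_buckets` and `flatten` and the abridged sample response are constructed here.

```python
import json

# Constructed sample: an abridged copy of the response shape quoted above.
SAMPLE = json.loads("""
{"aggregations": {"messages": {"buckets": {
  "error": {"doc_count": 57, "messages_over_time": {"buckets": [
    {"key_as_string": "2016-04-01", "key": 1459468800000, "doc_count": 8},
    {"key_as_string": "2016-04-04", "key": 1459728000000, "doc_count": 48}]}},
  "trace": {"doc_count": 372, "messages_over_time": {"buckets": [
    {"key_as_string": "2016-04-04", "key": 1459728000000, "doc_count": 372}]}}
}}}}
""")


def iter_buckets(agg):
    """Yield (key, bucket) for keyed (dict) and anonymous (list) buckets."""
    buckets = agg.get("buckets", [])
    if isinstance(buckets, dict):      # e.g. filters aggregation with named filters
        yield from buckets.items()
    else:                              # e.g. date_histogram or terms
        for b in buckets:
            yield b.get("key_as_string", b.get("key")), b


def flatten(aggs, path=()):
    """Walk nested aggregations depth-first; emit one row per leaf bucket."""
    rows = []
    for name, agg in aggs.items():
        if not isinstance(agg, dict) or "buckets" not in agg:
            continue                   # skip doc_count, key and metric values
        for key, bucket in iter_buckets(agg):
            here = path + ((name, key),)
            children = flatten(bucket, here)
            if children:
                rows.extend(children)  # sub-aggregation present: keep its rows
            else:
                row = dict(here)       # leaf: one column per aggregation level
                row["doc_count"] = bucket["doc_count"]
                rows.append(row)
    return rows


if __name__ == "__main__":
    for r in flatten(SAMPLE["aggregations"]):
        print(r)
```

Each row carries one column per aggregation level, so the 'error' and 'trace' series stay distinguishable after flattening.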