Aggregation APIs
Aggregation of search results is provided through the Aggregate API.
Using Aggregations, you can power dashboards and run high-level analysis on the results of your searches. Aggregations use the same Lucene-based logic as the Search API, and results are returned as ordinary JSON documents.
Aggregation Types
Type | Description | Example Use Cases |
---|---|---|
Term Aggregation | The Term Aggregate endpoint lets the user query for an aggregated view of the results, based on the provided parameters. It returns the counts for the desired field across the results matching the query. Mostly used to generate dashboards, reports, and graphs. | |
Trend Aggregation | Unlike the Term Aggregation, the Trend Aggregation does not return the most popular terms in a set. Instead, it highlights the values of a field that have undergone a significant change in popularity, measured between a foreground and a background set. | |
Date Histogram | The Date Histogram Aggregate endpoint lets the user query for aggregated results based on a timeframe. Mostly used to generate dashboards, reports, and graphs. | |
No query wrapping required.
Unlike requests to the Search API, requests to the Aggregation endpoints do not require the query to be wrapped in a query object.
Term Aggregation
Here are a couple of important points that need to be considered before consuming the Term Aggregate endpoint.
- You can only perform an aggregation on the most recent 30 days, and timeframes within 30 days can be narrowed using date range filtering.
- The query can use all the possible Terms, Phrases, and Modifiers as described under the Query section.
Trend Aggregation
The Trend Aggregation returns unusual occurrences within a set, and therefore is perfectly suited to exploring anomalies.
For example, if we look at the trends in hashtags for certain keywords, the trend aggregation will highlight the significant changes. If the hashtag #cats only exists in 100 documents in a 10 million document index and yet is found in 4 of the 100 documents that make up the search results, that is significant and probably very relevant to the search. 5/10,000,000 vs 4/100 is a big swing in frequency.
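The foreground/background comparison described above, as an added example that is not part of the original documentation or the service's own code. It uses constructed documents, a scaled-down 1,000-document index, and a plain frequency ratio as a stand-in score (the API's actual scoring is not described on this page); all function and field names are hypothetical.

```python
from collections import Counter

def doc_frequency(docs, field):
    """Count how many documents contain each value of `field` (once per document)."""
    counts = Counter()
    for doc in docs:
        counts.update(set(doc.get(field, [])))
    return counts

def term_aggregation(foreground, field, size=3):
    """Most frequent values in the result set: what a term count returns."""
    return doc_frequency(foreground, field).most_common(size)

def trend_aggregation(foreground, background, field, min_fg_docs=2, size=3):
    """Rank values by how much more frequent they are in the foreground
    (search results) than in the background (whole index).
    The ratio used here is an assumption chosen for illustration."""
    fg = doc_frequency(foreground, field)
    bg = doc_frequency(background, field)
    scored = []
    for term, fg_count in fg.items():
        if fg_count < min_fg_docs:      # ignore one-off values: too little evidence
            continue
        fg_rate = fg_count / len(foreground)
        # Guard against a term missing from the background sample.
        bg_rate = max(bg[term], 1) / len(background)
        scored.append((term, round(fg_rate / bg_rate, 2)))
    return sorted(scored, key=lambda item: (-item[1], item[0]))[:size]

def build_sample():
    """Constructed data: 100 search results inside a 1,000-document index."""
    foreground = ([{"hashtags": ["#news", "#cats"]}] * 4
                  + [{"hashtags": ["#news"]}] * 36
                  + [{"hashtags": ["#weather"]}] * 60)
    rest_of_index = ([{"hashtags": ["#cats"]}] * 1
                     + [{"hashtags": ["#news"]}] * 360
                     + [{"hashtags": ["#weather"]}] * 539)
    return foreground, foreground + rest_of_index

if __name__ == "__main__":
    fg_docs, bg_docs = build_sample()
    print("term :", term_aggregation(fg_docs, "hashtags"))
    print("trend:", trend_aggregation(fg_docs, bg_docs, "hashtags"))
```

The term count ranks #weather first because it is simply common, while the trend ranking puts #cats first: 4 of 100 results against 5 of 1,000 indexed documents.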
Date Histogram Aggregation
What is a Histogram?
A histogram is an approximate representation of the distribution of numerical data.
Here are a couple of important points that need to be considered before consuming the Date Histogram endpoint.
- You can only perform an aggregation on the most recent 30 days, and timeframes within 30 days can be narrowed using date range filtering.
- The query within a Date Histogram can use all the possible Terms, Phrases, and Modifiers as described under the Query, Metadata fields, and Enrichment sections.
- The bucket resolution adapts automatically to the timeframe being requested. A request for a 10-minute segment will return buckets closer to per-minute, while a week would return daily buckets. Searching 30 days will segment into 3-day buckets.