chapter thirteen

13 Aggregations

 

This chapter covers

  • Aggregation basics
  • Working with metric aggregations
  • Categorizing data using bucket aggregations
  • Chaining metric and bucket aggregations in pipeline aggregations

Search and analytics are two sides of the same coin, and Elasticsearch delivers both in depth, with a rich set of features. Elasticsearch is a market leader in analytics, providing feature-rich functions for querying and analyzing data that enable organizations to find insights and deep intelligence in their data. Whereas search finds results that match certain criteria, analytics helps organizations derive statistics and metrics from the data. So far, we've looked at searching for documents in a given corpus. With analytics, we take a step back and look at the data from a high level to draw conclusions about it.

In this chapter, we'll look at Elasticsearch's aggregations in detail. Elasticsearch boasts a large number of aggregations, most of which fall into one of three types: metric, bucket, and pipeline. Metric aggregations allow us to use analytical functions such as sum, min, max, or average for calculations on the data. Bucket aggregations help us categorize data into buckets or ranges. Finally, pipeline aggregations permit us to chain aggregations: they take metric or bucket aggregations and create new aggregations from them.

13.1 Overview

13.1.1 The endpoint and the syntax

13.1.2 Combining searches and aggregations

13.1.3 Multiple and nested aggregations

13.1.4 Ignoring the results

13.2 Metric aggregations

13.2.1 Sample data

13.2.2 The value count metric

13.2.3 The average metric

13.2.4 The sum metric

13.2.5 The minimum (min) and maximum (max) metrics

13.2.6 The common stats metric

13.2.7 The extended stats metric

13.2.8 The cardinality metric

13.3 Bucket aggregations

13.3.1 Histograms

13.3.2 Child-level aggregates

13.3.3 Custom range aggregation

13.3.4 The terms aggregation

13.3.5 Multi-terms aggregation

13.4 Parent and sibling aggregations

13.4.1 Parent aggregations