Quick Links
- Introduction
- Using Sum Aggregation in Elasticsearch
- Combining Sum Aggregation with Other Aggregations
- Using Scripted Fields in Sum Aggregation
Introduction
Elasticsearch sum aggregation is a powerful tool for data analysis, allowing you to calculate the sum of a numeric field for a set of documents. This aggregation can be used in various scenarios, such as calculating the total sales for a specific product, determining the total number of errors in log files, or aggregating metrics in monitoring systems.
In this article, we will explore the intricacies of Elasticsearch sum aggregation and demonstrate its usage with practical examples.
Using Sum Aggregation in Elasticsearch
To perform a sum aggregation, you need to specify the field on which the sum should be calculated. The basic structure of a sum aggregation query is as follows:
GET /_search { "aggs": { "sum_agg_name": { "sum": { "field": "numeric_field" } } } }
Replace “sum_agg_name” with a custom name for your aggregation, and “numeric_field” with the name of the numeric field you want to sum.
Example: Calculating the Total Sales for a Product
Consider an e-commerce index with documents representing individual sales transactions. Each document contains information about the product, quantity, and price. To calculate the total sales for a specific product, you can use the following sum aggregation query:
GET /ecommerce/_search { "query": { "term": { "product_id": 123 } }, "aggs": { "total_sales": { "sum": { "field": "price" } } } }
This query will return the sum of the “price” field for all documents with a “product_id” of 123.
Combining Sum Aggregation with Other Aggregations
Elasticsearch allows you to combine sum aggregation with other aggregations to perform more complex data analysis. For example, you can use a terms aggregation to group documents by a specific field and then apply a sum aggregation to calculate the total sales for each group.
Example: Calculating the Total Sales per Product Category
To calculate the total sales per product category, you can use the following query:
GET /ecommerce/_search { "aggs": { "categories": { "terms": { "field": "category.keyword" }, "aggs": { "total_sales": { "sum": { "field": "price" } } } } } }
This query will group documents by the “category” field and then calculate the sum of the “price” field for each group.
Using Scripted Fields in Sum Aggregation
In some cases, you may need to perform calculations on the numeric field before aggregating its sum. Elasticsearch allows you to use scripted fields in sum aggregation to achieve this.
Example: Calculating the Total Sales with Discount Applied
Assume that each document in the e-commerce index has a “discount_percentage” field. To calculate the total sales with the discount applied, you can use the following query:
GET /ecommerce/_search { "aggs": { "total_sales_with_discount": { "sum": { "script": { "source": "doc['price'].value * (1 - doc['discount_percentage'].value / 100)" } } } } }
This query will calculate the discounted price for each document and then aggregate the sum.
You can learn more about Elasticsearch’s aggregation framework, including about the sum aggregation by taking a look at this guide.