elasticsearchsense

Aggregation returns no buckets


I'm trying to get all unique suite_name values from Elasticsearch, but my aggregation isn't returning any buckets.

I'm using this mapping

{
  "functional_tests": {
    "mappings": {
      "web_test_result": {
        "properties": {
          "duration": {
            "type": "long"
          },
          "fail_category": {
            "type": "string"
          },
          "fail_info": {
            "properties": {
              "message": {
                "type": "string"
              },
              "screenshot_url": {
                "type": "string"
              },
              "stack": {
                "type": "string"
              }
            }
          },
          "fail_message": {
            "type": "string"
          },
          "fail_stack": {
            "type": "string"
          },
          "file": {
            "type": "string"
          },
          "finish_time": {
            "type": "date",
            "format": "strict_date_optional_time||epoch_millis"
          },
          "instance_id": {
            "type": "long"
          },
          "order_number": {
            "type": "long"
          },
          "query": {
            "properties": {
              "term": {
                "properties": {
                  "instance_id": {
                    "type": "long"
                  },
                  "suite_name": {
                    "type": "string"
                  }
                }
              }
            }
          },
          "screenshot_url": {
            "type": "string"
          },
          "size": {
            "type": "long"
          },
          "status": {
            "type": "string"
          },
          "suite_id": {
            "type": "string"
          },
          "suite_title": {
            "type": "string",
            "fields": {
              "raw": {
                "type": "string",
                "index": "not_analyzed"
              }
            }
          },
          "test_id": {
            "type": "string"
          },
          "test_title": {
            "type": "string",
            "fields": {
              "raw": {
                "type": "string",
                "index": "not_analyzed"
              }
            }
          },
          "timedOut": {
            "type": "boolean"
          }
        }
      }
    }
  }
}

And this aggs

GET functional_tests/web_test_result/_search
{
  "size": 0, 
  "aggs" : {
    "suite_titles" : {
      "terms" : { 
        "field" : "suite_title.raw", 
        "size" : 1000
      }
    }
  }
}

which returns this

{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 3383,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "suite_titles": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": []
    }
  }
}

If I do the aggs on suite_id, which is a single token, I get buckets.


Solution

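  • From the mapping you can verify that suite_id is of type string, and under Elasticsearch's default mapping it is not_analyzed.

    A .raw sub-field is available only for analyzed fields that define one: there, suite_id.raw would give you the non-analyzed value and suite_id the analyzed value.

    suite_id has no analyzed value, so it has no .raw sub-field; you have to aggregate on suite_id itself.

    Note that the mapping above does define suite_title.raw as not_analyzed. If that sub-field was added to the mapping after the documents were indexed, the existing documents would not contain it and would need to be reindexed before the aggregation returns buckets.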