I am executing an Elastic query and reading the response inside Java code using REST calls. When I read the response, the fields 200, 204, 4xx, 5xx are not returned in order in the response.
Find below the sample request placed:
GET appl-activity*/_search
{
  "size": 0,
  "aggs": {
    "group_by_daterange": {
      "range": {
        "field": "Date",
        "ranges": [
          {
            "from": "Fri Oct 23 02:54:26 2020 -0400",
            "to": "Mon Oct 26 05:54:26 2020 -0400"
          }
        ]
      },
      "aggs": {
        "byapplication": {
          "terms": {
            "field": "application.keyword",
            "size": 1000
          },
          "aggs": {
            "by200": {
              "sum": {
                "field": "200"
              }
            },
            "by204": {
              "sum": {
                "field": "204"
              }
            },
            "by4xx": {
              "sum": {
                "field": "4xx"
              }
            },
            "by5xx": {
              "sum": {
                "field": "5xx"
              }
            }
          }
        }
      }
    }
  }
}
Response returned:
{
  "took" : 35,
  "timed_out" : false,
  "_shards" : {
    "total" : 2,
    "successful" : 2,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 1173,
    "max_score" : 0.0,
    "hits" : [ ]
  },
  "aggregations" : {
    "group_by_daterange" : {
      "buckets" : [
        {
          "key" : "Fri Oct 23 06:54:26 2020 +0000-Mon Oct 26 09:54:26 2020 +0000",
          "from" : 1.603436066E12,
          "from_as_string" : "Fri Oct 23 06:54:26 2020 +0000",
          "to" : 1.603706066E12,
          "to_as_string" : "Mon Oct 26 09:54:26 2020 +0000",
          "doc_count" : 30,
          "byapplication" : {
            "doc_count_error_upper_bound" : 0,
            "sum_other_doc_count" : 0,
            "buckets" : [
              {
                "key" : "SITE",
                "doc_count" : 20,
                "by4xx" : {
                  "value" : 1.0
                },
                "by5xx" : {
                  "value" : 0.0
                },
                "by204" : {
                  "value" : 0.0
                },
                "by200" : {
                  "value" : 5342.0
                }
              },
              {
                "key" : "MOBILE",
                "doc_count" : 10,
                "by4xx" : {
                  "value" : 0.0
                },
                "by5xx" : {
                  "value" : 0.0
                },
                "by204" : {
                  "value" : 0.0
                },
                "by200" : {
                  "value" : 5635.0
                }
              }
            ]
          }
        }
      ]
    }
  }
}
I am expecting the response codes in the same order as in the request. Please help me.
{
  "key": "MOBILE",
  "doc_count": 10,
  "by200": {
    "value": 5635
  },
  "by204": {
    "value": 0
  },
  "by4xx": {
    "value": 0
  },
  "by5xx": {
    "value": 0
  }
}
Unlike arrays, JSON dictionaries aren't guaranteed any order. This means there's no specification which would force Elasticsearch or any other JSON-in/JSON-out interface to retain the input order.
While that's unfortunate, some systems (e.g. Stripe) go the extra mile to alphabetically sort the response keys just before returning to the client.
Having said that, I used to approach this problem by prepending an alphanumeric char combination to the agg key name based on the order I wanted:
{
  "1__myAggName": { ... },
  "2__myAggName": { ... },
  ...
}
Then on the client side I'd trivially sort the agg keys and ditch the prefixes.
But these days I tend to use aggregation metadata where I put the order and other info. This greatly improved transparency and readability of all my post-processing steps:
{
  ...
  "byapplication": {
    "terms": {
      "field": "application.keyword",
      "size": 1000
    },
    "aggs": {
      "by200": {
        "meta": {          <--
          "index": 0
        },
        "sum": {
          "field": "200"
        }
      },
      "by204": {
        "meta": {          <--
          "index": 1
        },
        "sum": {
          "field": "204"
        }
      },
      "by4xx": {
        "meta": {
          "index": 2
        },
        "sum": {
          "field": "4xx"
        }
      },
      "by5xx": {
        "meta": {
          "index": 3
        },
        "sum": {
          "field": "5xx"
        }
      }
    }
  }
}
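Added example, not part of the original answer: the client-side half of the metadata approach, in Java, reading one `byapplication` bucket and ordering its sub-aggregations by `meta.index`. It assumes jackson-databind 2.x on the classpath and relies on Elasticsearch echoing each aggregation's `meta` object back in the response; the class name `OrderedAggs` and the sample bucket are constructed for illustration.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example (hypothetical class name); requires jackson-databind 2.x.
public class OrderedAggs {
    // Constructed sample: one "byapplication" bucket as returned when each
    // sub-aggregation was requested with "meta": {"index": N}.
    static final String BUCKET = "{\"key\":\"SITE\",\"doc_count\":20,"
        + "\"by4xx\":{\"meta\":{\"index\":2},\"value\":1.0},"
        + "\"by5xx\":{\"meta\":{\"index\":3},\"value\":0.0},"
        + "\"by204\":{\"meta\":{\"index\":1},\"value\":0.0},"
        + "\"by200\":{\"meta\":{\"index\":0},\"value\":5342.0}}";

    // Returns sub-aggregation name -> value, ordered by meta.index.
    // Entries without meta.index sort last and keep their response order,
    // because List.sort is stable.
    static Map<String, Double> ordered(JsonNode bucket) {
        List<Map.Entry<String, JsonNode>> aggs = new ArrayList<>();
        bucket.fields().forEachRemaining(e -> {
            // Skip scalar bucket fields such as "key" and "doc_count".
            if (e.getValue().isObject() && e.getValue().has("value")) {
                aggs.add(e);
            }
        });
        aggs.sort(Comparator.comparingInt(
            e -> e.getValue().path("meta").path("index").asInt(Integer.MAX_VALUE)));

        // LinkedHashMap keeps insertion order, so iteration follows meta.index.
        Map<String, Double> out = new LinkedHashMap<>();
        for (Map.Entry<String, JsonNode> e : aggs) {
            out.put(e.getKey(), e.getValue().get("value").asDouble());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        JsonNode bucket = new ObjectMapper().readTree(BUCKET);
        System.out.println(bucket.get("key").asText() + " " + ordered(bucket));
    }
}
```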