OpenSearch/docs/reference/aggregations/metrics/sum-aggregation.asciidoc

134 lines
3.7 KiB
Plaintext
Raw Normal View History

[[search-aggregations-metrics-sum-aggregation]]
=== Sum Aggregation
A `single-value` metrics aggregation that sums up numeric values that are extracted from the aggregated documents. These values can be extracted either from specific numeric fields in the documents, or be generated by a provided script.
Assuming the data consists of documents representing stock ticks, where each tick holds the change in the stock price from the previous tick.
[source,js]
--------------------------------------------------
{
"query" : {
"constant_score" : {
"filter" : {
"range" : { "timestamp" : { "from" : "now/1d+9.5h", "to" : "now/1d+16h" }}
}
}
},
"aggs" : {
"intraday_return" : { "sum" : { "field" : "change" } }
}
}
--------------------------------------------------
The above aggregation sums up all changes in the today's trading stock ticks which accounts for the intraday return. The aggregation type is `sum` and the `field` setting defines the numeric field of the documents of which values will be summed up. The above will return the following:
[source,js]
--------------------------------------------------
{
...
"aggregations": {
"intraday_return": {
"value": 2.18
}
}
}
--------------------------------------------------
The name of the aggregation (`intraday_return` above) also serves as the key by which the aggregation result can be retrieved from the returned response.
==== Script
Computing the intraday return based on a script:
[source,js]
--------------------------------------------------
{
...,
"aggs" : {
2016-06-27 09:55:16 -04:00
"intraday_return" : {
"sum" : {
"script" : {
"lang": "painless",
"inline": "doc['change'].value"
}
}
}
}
}
--------------------------------------------------
2016-06-27 09:55:16 -04:00
This will interpret the `script` parameter as an `inline` script with the `painless` script language and no script parameters. To use a file script use the following syntax:
[source,js]
--------------------------------------------------
{
...,
"aggs" : {
"intraday_return" : {
"sum" : {
"script" : {
"file": "my_script",
"params" : {
"field" : "change"
}
}
}
}
}
}
--------------------------------------------------
TIP: for indexed scripts replace the `file` parameter with an `id` parameter.
===== Value Script
Computing the sum of squares over all stock tick changes:
[source,js]
--------------------------------------------------
{
"aggs" : {
...
"aggs" : {
"daytime_return" : {
"sum" : {
"field" : "change",
2016-06-27 09:55:16 -04:00
"script" : {
"lang": "painless",
"inline": "_value * _value"
}
}
}
}
}
}
--------------------------------------------------
==== Missing value
The `missing` parameter defines how documents that are missing a value should be treated.
By default they will be ignored but it is also possible to treat them as if they
had a value.
[source,js]
--------------------------------------------------
{
"aggs" : {
"total_time" : {
"sum" : {
"field" : "took",
"missing": 100 <1>
}
}
}
}
--------------------------------------------------
<1> Documents without a value in the `took` field will fall into the same bucket as documents that have the value `100`.