Avg aggregation

Avg aggregation

A single-value metrics aggregation that computes the average of numeric values that are extracted from the aggregated documents. These values can be extracted either from specific numeric fields in the documents.

Assuming the data consists of documents representing exams grades (between 0 and 100) of students we can average their scores with:

  1. POST /exams/_search?size=0
  2. {
  3. "aggs": {
  4. "avg_grade": { "avg": { "field": "grade" } }
  5. }
  6. }

The above aggregation computes the average grade over all documents. The aggregation type is avg and the field setting defines the numeric field of the documents the average will be computed on. The above will return the following:

  1. {
  2. ...
  3. "aggregations": {
  4. "avg_grade": {
  5. "value": 75.0
  6. }
  7. }
  8. }

The name of the aggregation (avg_grade above) also serves as the key by which the aggregation result can be retrieved from the returned response.

Script

Let’s say the exam was exceedingly difficult, and you need to apply a grade correction. Average a runtime field to get a corrected average:

  1. POST /exams/_search?size=0
  2. {
  3. "runtime_mappings": {
  4. "grade.corrected": {
  5. "type": "double",
  6. "script": {
  7. "source": "emit(Math.min(100, doc['grade'].value * params.correction))",
  8. "params": {
  9. "correction": 1.2
  10. }
  11. }
  12. }
  13. },
  14. "aggs": {
  15. "avg_corrected_grade": {
  16. "avg": {
  17. "field": "grade.corrected"
  18. }
  19. }
  20. }
  21. }

Missing value

The missing parameter defines how documents that are missing a value should be treated. By default they will be ignored but it is also possible to treat them as if they had a value.

  1. POST /exams/_search?size=0
  2. {
  3. "aggs": {
  4. "grade_avg": {
  5. "avg": {
  6. "field": "grade",
  7. "missing": 10
  8. }
  9. }
  10. }
  11. }

Documents without a value in the grade field will fall into the same bucket as documents that have the value 10.

Histogram fields

When average is computed on histogram fields, the result of the aggregation is the weighted average of all elements in the values array taking into consideration the number in the same position in the counts array.

For example, for the following index that stores pre-aggregated histograms with latency metrics for different networks:

  1. PUT metrics_index/_doc/1
  2. {
  3. "network.name" : "net-1",
  4. "latency_histo" : {
  5. "values" : [0.1, 0.2, 0.3, 0.4, 0.5],
  6. "counts" : [3, 7, 23, 12, 6]
  7. }
  8. }
  9. PUT metrics_index/_doc/2
  10. {
  11. "network.name" : "net-2",
  12. "latency_histo" : {
  13. "values" : [0.1, 0.2, 0.3, 0.4, 0.5],
  14. "counts" : [8, 17, 8, 7, 6]
  15. }
  16. }
  17. POST /metrics_index/_search?size=0
  18. {
  19. "aggs": {
  20. "avg_latency":
  21. { "avg": { "field": "latency_histo" }
  22. }
  23. }
  24. }

For each histogram field the avg aggregation adds each number in the values array <1> multiplied by its associated count in the counts array <2>. Eventually, it will compute the average over those values for all histograms and return the following result:

  1. {
  2. ...
  3. "aggregations": {
  4. "avg_latency": {
  5. "value": 0.29690721649
  6. }
  7. }
  8. }