This version of the OpenSearch documentation is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.

Geohash grid aggregations

The geohash_grid aggregation buckets documents for geographical analysis. It organizes a geographical region into a grid of smaller regions of different sizes or precisions. Lower values of precision represent larger geographical areas, and higher values represent smaller, more precise geographical areas. You can aggregate documents on geopoint or geoshape fields using a geohash grid aggregation. One notable difference is that a geopoint is only present in one bucket, but a geoshape is counted in all geohash grid cells with which it intersects.

The number of results returned by a query might be far too many to display each geopoint individually on a map. The geohash_grid aggregation buckets nearby geopoints together by calculating the geohash for each point, at the level of precision that you define (between 1 to 12; the default is 5). To learn more about geohash, see Wikipedia.

The web logs example data is spread over a large geographical area, so you can use a lower precision value. You can zoom in on this map by increasing the precision value:

  1. GET opensearch_dashboards_sample_data_logs/_search
  2. {
  3. "size": 0,
  4. "aggs": {
  5. "geo_hash": {
  6. "geohash_grid": {
  7. "field": "geo.coordinates",
  8. "precision": 4
  9. }
  10. }
  11. }
  12. }

copy

Example response

  1. ...
  2. "aggregations" : {
  3. "geo_hash" : {
  4. "buckets" : [
  5. {
  6. "key" : "c1cg",
  7. "doc_count" : 104
  8. },
  9. {
  10. "key" : "dr5r",
  11. "doc_count" : 26
  12. },
  13. {
  14. "key" : "9q5b",
  15. "doc_count" : 20
  16. },
  17. {
  18. "key" : "c20g",
  19. "doc_count" : 19
  20. },
  21. {
  22. "key" : "dr70",
  23. "doc_count" : 18
  24. }
  25. ...
  26. ]
  27. }
  28. }
  29. }

You can visualize the aggregated response on a map using OpenSearch Dashboards.

The more accurate you want the aggregation to be, the more resources OpenSearch consumes because of the number of buckets that the aggregation has to calculate. By default, OpenSearch does not generate more than 10,000 buckets. You can change this behavior by using the size attribute, but keep in mind that the performance might suffer for very wide queries consisting of thousands of buckets.

Aggregating geoshapes

To run an aggregation on a geoshape field, first create an index and map the location field as a geo_shape:

  1. PUT national_parks
  2. {
  3. "mappings": {
  4. "properties": {
  5. "location": {
  6. "type": "geo_shape"
  7. }
  8. }
  9. }
  10. }

copy

Next, index some documents into the national_parks index:

  1. PUT national_parks/_doc/1
  2. {
  3. "name": "Yellowstone National Park",
  4. "location":
  5. {"type": "envelope","coordinates": [ [-111.15, 45.12], [-109.83, 44.12] ]}
  6. }

copy

  1. PUT national_parks/_doc/2
  2. {
  3. "name": "Yosemite National Park",
  4. "location":
  5. {"type": "envelope","coordinates": [ [-120.23, 38.16], [-119.05, 37.45] ]}
  6. }

copy

  1. PUT national_parks/_doc/3
  2. {
  3. "name": "Death Valley National Park",
  4. "location":
  5. {"type": "envelope","coordinates": [ [-117.34, 37.01], [-116.38, 36.25] ]}
  6. }

copy

You can run an aggregation on the location field as follows:

  1. GET national_parks/_search
  2. {
  3. "aggregations": {
  4. "grouped": {
  5. "geohash_grid": {
  6. "field": "location",
  7. "precision": 1
  8. }
  9. }
  10. }
  11. }

copy

When aggregating geoshapes, one geoshape can be counted for multiple buckets because it overlaps multiple grid cells:

Response

  1. {
  2. "took" : 24,
  3. "timed_out" : false,
  4. "_shards" : {
  5. "total" : 1,
  6. "successful" : 1,
  7. "skipped" : 0,
  8. "failed" : 0
  9. },
  10. "hits" : {
  11. "total" : {
  12. "value" : 3,
  13. "relation" : "eq"
  14. },
  15. "max_score" : 1.0,
  16. "hits" : [
  17. {
  18. "_index" : "national_parks",
  19. "_id" : "1",
  20. "_score" : 1.0,
  21. "_source" : {
  22. "name" : "Yellowstone National Park",
  23. "location" : {
  24. "type" : "envelope",
  25. "coordinates" : [
  26. [
  27. -111.15,
  28. 45.12
  29. ],
  30. [
  31. -109.83,
  32. 44.12
  33. ]
  34. ]
  35. }
  36. }
  37. },
  38. {
  39. "_index" : "national_parks",
  40. "_id" : "2",
  41. "_score" : 1.0,
  42. "_source" : {
  43. "name" : "Yosemite National Park",
  44. "location" : {
  45. "type" : "envelope",
  46. "coordinates" : [
  47. [
  48. -120.23,
  49. 38.16
  50. ],
  51. [
  52. -119.05,
  53. 37.45
  54. ]
  55. ]
  56. }
  57. }
  58. },
  59. {
  60. "_index" : "national_parks",
  61. "_id" : "3",
  62. "_score" : 1.0,
  63. "_source" : {
  64. "name" : "Death Valley National Park",
  65. "location" : {
  66. "type" : "envelope",
  67. "coordinates" : [
  68. [
  69. -117.34,
  70. 37.01
  71. ],
  72. [
  73. -116.38,
  74. 36.25
  75. ]
  76. ]
  77. }
  78. }
  79. }
  80. ]
  81. },
  82. "aggregations" : {
  83. "grouped" : {
  84. "buckets" : [
  85. {
  86. "key" : "9",
  87. "doc_count" : 3
  88. },
  89. {
  90. "key" : "c",
  91. "doc_count" : 1
  92. }
  93. ]
  94. }
  95. }
  96. }

Currently, OpenSearch supports geoshape aggregation through the API but not in OpenSearch Dashboards visualizations. If you’d like to see geoshape aggregation implemented for visualizations, upvote the related GitHub issue.

Supported parameters

Geohash grid aggregation requests support the following parameters.

ParameterData typeDescription
fieldStringThe field on which aggregation is performed. This field must be mapped as a geo_point or geo_shape field. If the field contains an array, all array values are aggregated. Required.
precisionIntegerThe zoom level used to determine grid cells for bucketing results. Valid values are in the [0, 15] range. Optional. Default is 5.
boundsObjectThe bounding box for filtering geopoints and geoshapes. The bounding box is defined by the upper-left and lower-right vertices. Only shapes that intersect with this bounding box or are completely enclosed by this bounding box are included in the aggregation output. The vertices are specified as geopoints in one of the following formats:
- An object with a latitude and longitude
- An array in the [longitude, latitude] format
- A string in the “latitude,longitude” format
- A geohash
- WKT
See the geopoint formats for formatting examples. Optional.
sizeIntegerThe maximum number of buckets to return. When there are more buckets than size, OpenSearch returns buckets with more documents. Optional. Default is 10,000.
shard_sizeIntegerThe maximum number of buckets to return from each shard. Optional. Default is max (10, size · number of shards), which provides a more accurate count of more highly prioritized buckets.