Avg aggregation

edit

A single-value metrics aggregation that computes the average of numeric values that are extracted from the aggregated documents. These values can be extracted either from specific numeric fields in the documents, or be generated by a provided script.

Assuming the data consists of documents representing exams grades (between 0 and 100) of students we can average their scores with:

POST /exams/_search?size=0
{
  "aggs": {
    "avg_grade": { "avg": { "field": "grade" } }
  }
}

The above aggregation computes the average grade over all documents. The aggregation type is avg and the field setting defines the numeric field of the documents the average will be computed on. The above will return the following:

{
  ...
  "aggregations": {
    "avg_grade": {
      "value": 75.0
    }
  }
}

The name of the aggregation (avg_grade above) also serves as the key by which the aggregation result can be retrieved from the returned response.

Script

edit

Computing the average grade based on a script:

POST /exams/_search?size=0
{
  "aggs": {
    "avg_grade": {
      "avg": {
        "script": {
          "source": "doc.grade.value"
        }
      }
    }
  }
}

This will interpret the script parameter as an inline script with the painless script language and no script parameters. To use a stored script use the following syntax:

POST /exams/_search?size=0
{
  "aggs": {
    "avg_grade": {
      "avg": {
        "script": {
          "id": "my_script",
          "params": {
            "field": "grade"
          }
        }
      }
    }
  }
}

Value Script

edit

It turned out that the exam was way above the level of the students and a grade correction needs to be applied. We can use value script to get the new average:

POST /exams/_search?size=0
{
  "aggs": {
    "avg_corrected_grade": {
      "avg": {
        "field": "grade",
        "script": {
          "lang": "painless",
          "source": "_value * params.correction",
          "params": {
            "correction": 1.2
          }
        }
      }
    }
  }
}

Missing value

edit

The missing parameter defines how documents that are missing a value should be treated. By default they will be ignored but it is also possible to treat them as if they had a value.

POST /exams/_search?size=0
{
  "aggs": {
    "grade_avg": {
      "avg": {
        "field": "grade",
        "missing": 10     
      }
    }
  }
}

Documents without a value in the grade field will fall into the same bucket as documents that have the value 10.

Histogram fields

edit

When average is computed on histogram fields, the result of the aggregation is the weighted average of all elements in the values array taking into consideration the number in the same position in the counts array.

For example, for the following index that stores pre-aggregated histograms with latency metrics for different networks:

PUT metrics_index/_doc/1
{
  "network.name" : "net-1",
  "latency_histo" : {
      "values" : [0.1, 0.2, 0.3, 0.4, 0.5], 
      "counts" : [3, 7, 23, 12, 6] 
   }
}

PUT metrics_index/_doc/2
{
  "network.name" : "net-2",
  "latency_histo" : {
      "values" :  [0.1, 0.2, 0.3, 0.4, 0.5], 
      "counts" : [8, 17, 8, 7, 6] 
   }
}

POST /metrics_index/_search?size=0
{
  "aggs": {
    "avg_latency":
      { "avg": { "field": "latency_histo" }
    }
  }
}

For each histogram field the avg aggregation adds each number in the values array <1> multiplied by its associated count in the counts array <2>. Eventually, it will compute the average over those values for all histograms and return the following result:

{
  ...
  "aggregations": {
    "avg_latency": {
      "value": 0.29690721649
    }
  }
}