Sum Aggregation

A single-value metrics aggregation that sums up numeric values that are extracted from the aggregated documents. These values can be extracted either from specific numeric fields in the documents, or be generated by a provided script.

Assuming the data consists of documents representing stock ticks, where each tick holds the change in the stock price from the previous tick.

{
    "query" : {
        "filtered" : {
            "query" : { "match_all" : {}},
            "filter" : {
                "range" : { "timestamp" : { "from" : "now/1d+9.5h", "to" : "now/1d+16h" }}
            }
        }
    },
    "aggs" : {
        "intraday_return" : { "sum" : { "field" : "change" } }
    }
}

The above aggregation sums up all changes in the today’s trading stock ticks which accounts for the intraday return. The aggregation type is sum and the field setting defines the numeric field of the documents of which values will be summed up. The above will return the following:

{
    ...

    "aggregations": {
        "intraday_return": {
           "value": 2.18
        }
    }
}

The name of the aggregation (intraday_return above) also serves as the key by which the aggregation result can be retrieved from the returned response.

Script

Computing the intraday return based on a script:

{
    ...,

    "aggs" : {
        "intraday_return" : { "sum" : { "script" : "doc['change'].value" } }
    }
}

The script parameter expects an inline script. Use script_id for indexed scripts and script_file for scripts in the config/scripts/ directory.

Value Script

Computing the sum of squares over all stock tick changes:

{
    "aggs" : {
        ...

        "aggs" : {
            "daytime_return" : {
                "sum" : {
                    "field" : "change",
                    "script" : "_value * _value" }
            }
        }
    }
}