It may be a beginner question, but I have some doubts related to size. As per elastic search specs, the maximum value of size can be 10000, I want to validate my understandings below:
Sample Query:
GET testindex-2016.04.14/_search
{
"size": 10000,
"query": {
"bool": {
"must": [
{
"match": {
"type": "TEST"
}
}
]
}
},
"aggs": {
"testAggs": {
"terms": {
"field": "type",
"size": 0
},
"aggs": {
"innerAggs": {
"max": {
"field": "Value"
}
}
}
}
}
}
Response:
{
"took": 6,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 26949,
"max_score": 0,
"hits": [
.....10000 records
]
},
"aggregations": {
"test": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "TEST",
"doc_count": 26949,
"innerAggs": {
"value": 150
}
}
]
}
}
}
1 - If size is set to 10000, and we have more than 200000 records in elastic search satisfying the query, So in query result, I will get the no. of hits to 10000, but the "total" : 200000.
2 - How many records will be available for further aggregations - the no. of hits or the "total" value.
3 - If we set "size" : 0, in this case, we get hits = 0, but how many records will be available for aggregations ?
Please clarify my understanding, and put comments in any doubt in question . Thanks.
