Elasticsearch 8.5: How to Filter Aggregations by Date Range with Missing Values in Nested Documents
I'm maintaining legacy code, I'm integrating two systems, and I'm building a feature where I need help. I've searched everywhere and can't find a clear answer... I am experiencing a scenario with Elasticsearch 8.5 while trying to filter aggregation results by a date range on nested documents that may contain missing values. My index structure includes nested documents for 'comments' on 'posts', where each comment has a 'timestamp' and possibly other fields that may not always be populated.

Here's a simplified mapping of my index:

```json
{
  "mappings": {
    "properties": {
      "posts": {
        "type": "nested",
        "properties": {
          "title": { "type": "text" },
          "comments": {
            "type": "nested",
            "properties": {
              "timestamp": { "type": "date" },
              "content": { "type": "text" }
            }
          }
        }
      }
    }
  }
}
```

In my query, I want to aggregate the number of comments made in the last 30 days. Here's the aggregation query I'm using:

```json
{
  "query": {
    "nested": {
      "path": "posts.comments",
      "query": {
        "range": {
          "posts.comments.timestamp": {
            "gte": "now-30d/d",
            "lt": "now/d"
          }
        }
      }
    }
  },
  "aggs": {
    "comments_count": {
      "nested": { "path": "posts.comments" },
      "aggs": {
        "comments_filtered": {
          "filter": {
            "range": {
              "posts.comments.timestamp": {
                "gte": "now-30d/d",
                "lt": "now/d"
              }
            }
          },
          "aggs": {
            "count": {
              "value_count": { "field": "posts.comments.timestamp" }
            }
          }
        }
      }
    }
  }
}
```

However, when I run this query, I receive an empty result set even though there are comments with valid timestamps in the last 30 days. I suspect this might be related to how I'm filtering on the nested documents where some comments might not have the 'timestamp' field populated. The response I get is:

```json
{
  "aggregations": {
    "comments_count": {
      "doc_count": 0,
      "comments_filtered": {
        "doc_count": 0,
        "count": { "value": 0 }
      }
    }
  }
}
```

I've tried to ensure that the query correctly targets the nested documents, but I need to determine if the missing 'timestamp' fields are causing the scenario or if it's an aggregation question.

Is there a known workaround for handling such cases, or am I missing something in my query structure? I'd really appreciate any guidance on this. I appreciate any insights! Cheers for any assistance! What am I doing wrong? Is there a better approach?