When you perform a top hits aggregation in Elasticsearch, it returns a specified number of top hits from each bucket of documents that have been grouped by another aggregation. Here’s how it works:
1. Elasticsearch applies the input aggregation: Before performing the top hits aggregation, Elasticsearch first applies the specified input aggregation to the index and retrieves the set of buckets that the top hits will be retrieved from. The input aggregation can be any of the supported aggregation types, such as terms, date histograms, or range aggregations.
2. Elasticsearch sorts the documents within each bucket: Next, Elasticsearch sorts the documents within each bucket according to the specified sorting criteria. The sorting criteria can be any combination of field values, such as the timestamp or relevance score.
3. Elasticsearch retrieves the top hits for each bucket: Once the documents have been sorted within each bucket, Elasticsearch retrieves the specified number of top hits from each bucket and returns them as the output of the aggregation.
4. Elasticsearch returns the aggregated results: Once the aggregation is complete, Elasticsearch returns the aggregated results. The output of a top hits aggregation is a set of documents, each representing a top hit from a particular bucket.
For example, let’s say you have an index of customer orders, and each document has a “product” field that represents the product ordered, and a “timestamp” field that represents the date and time the order was placed. You could perform a terms aggregation on the “product” field to group the orders by product, and a top hits aggregation to retrieve the most recent order for each product. Elasticsearch would then sort the orders within each product bucket by timestamp and return the most recent order for each product.
Top hits aggregations can be used in combination with other aggregations to perform complex analyses on your data. By retrieving the most relevant or important documents from each bucket, you can gain insights into patterns and trends in the data, and use that information to make data-driven decisions.