0
0
Elasticsearchquery~10 mins

Range buckets in Elasticsearch - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Concept Flow - Range buckets
Start: Define range buckets
Input data documents
Check each document's field value
Compare value to each range bucket
Assign document to matching bucket(s)
Count documents per bucket
Return buckets with counts
Range buckets group documents by checking if their field values fall within specified numeric ranges, then count how many documents fit each range.
Execution Sample
Elasticsearch
{
  "aggs": {
    "price_ranges": {
      "range": {
        "field": "price",
        "ranges": [
          {"to": 100},
          {"from": 100, "to": 200},
          {"from": 200}
        ]
      }
    }
  }
}
This aggregation groups documents by their 'price' field into three ranges: less than 100, 100 to 200, and greater than or equal to 200.
Execution Table
StepDocument priceCheck range <100Check range 100-200Check range >=200Bucket assigned
150TrueFalseFalseBucket 1 (<100)
2150FalseTrueFalseBucket 2 (100-200)
3250FalseFalseTrueBucket 3 (>=200)
4100FalseTrueFalseBucket 2 (100-200)
599TrueFalseFalseBucket 1 (<100)
6200FalseTrueFalseBucket 2 (100-200)
Exit----All documents processed
💡 All documents checked and assigned to their respective range buckets.
Variable Tracker
VariableStartAfter Doc 1After Doc 2After Doc 3After Doc 4After Doc 5After Doc 6Final
Bucket 1 count01111222
Bucket 2 count00112233
Bucket 3 count00011111
Key Moments - 2 Insights
Why does the document with price 100 go into the 100-200 bucket and not the <100 bucket?
Because the <100 bucket includes prices strictly less than 100, so 100 is not included there. The 100-200 bucket includes prices from 100 up to 200, so 100 fits there as shown in execution_table row 4.
Can a document belong to more than one range bucket?
Yes, a document can belong to more than one range bucket if it falls into multiple ranges (such as overlapping ranges). However, in this example, the ranges are non-overlapping, so each document matches only one bucket as seen in the execution_table.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the bucket assigned for a document with price 99?
ABucket 2 (100-200)
BBucket 1 (<100)
CBucket 3 (>=200)
DNo bucket assigned
💡 Hint
Check row 5 in the execution_table where price 99 is assigned to Bucket 1.
At which step does the bucket 3 count increase for the first time?
AAfter Document 3
BAfter Document 4
CAfter Document 1
DAfter Document 6
💡 Hint
Look at variable_tracker row for Bucket 3 count; it increases from 0 to 1 after Document 3.
If the range for bucket 2 changed to from 101 to 200, where would the document with price 100 be assigned?
ABucket 3 (>=200)
BBucket 2 (101-200)
CNo bucket assigned
DBucket 1 (<100)
💡 Hint
Check the ranges in execution_table and consider that 100 is not in <100 or 101-200, so no bucket matches.
Concept Snapshot
Range buckets group documents by numeric field ranges.
Define ranges with 'from' and/or 'to' values.
Documents assigned to all matching ranges.
Counts show how many documents per bucket.
Ranges should not overlap for clear grouping.
Full Transcript
Range buckets in Elasticsearch group documents by checking if their numeric field values fall within specified ranges. The process starts by defining the ranges, then each document's field value is checked against these ranges. Documents are assigned to all matching buckets, and counts are kept for each bucket. For example, documents with price less than 100 go to the first bucket, prices between 100 and 200 to the second, and prices 200 or more to the third. This grouping helps analyze data distribution by numeric intervals.