You're viewing version 2.5 of the OpenSearch documentation. This version is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.
Aggregate functions
Aggregate functions operate on subsets defined by the GROUP BY
clause. In the absence of a GROUP BY
clause, aggregate functions operate on all elements of the result set. You can use aggregate functions in the GROUP BY
, SELECT
, and HAVING
clauses.
OpenSearch supports the following aggregate functions.
Function | Description |
---|---|
AVG | Returns the average of the results. |
COUNT | Returns the number of results. |
SUM | Returns the sum of the results. |
MIN | Returns the minimum of the results. |
MAX | Returns the maximum of the results. |
VAR_POP or VARIANCE | Returns the population variance of the results after discarding nulls. Returns 0 when there is only one row of results. |
VAR_SAMP | Returns the sample variance of the results after discarding nulls. Returns null when there is only one row of results. |
STD or STDDEV | Returns the sample standard deviation of the results. Returns 0 when there is only one row of results. |
STDDEV_POP | Returns the population standard deviation of the results. Returns 0 when there is only one row of results. |
STDDEV_SAMP | Returns the sample standard deviation of the results. Returns null when there is only one row of results. |
The examples below reference an employees
table. You can try out the examples by indexing the following documents into OpenSearch using the bulk index operation:
PUT employees/_bulk?refresh
{"index":{"_id":"1"}}
{"employee_id": 1, "department":1, "firstname":"Amber", "lastname":"Duke", "sales":1356, "sale_date":"2020-01-23"}
{"index":{"_id":"2"}}
{"employee_id": 1, "department":1, "firstname":"Amber", "lastname":"Duke", "sales":39224, "sale_date":"2021-01-06"}
{"index":{"_id":"6"}}
{"employee_id":6, "department":1, "firstname":"Hattie", "lastname":"Bond", "sales":5686, "sale_date":"2021-06-07"}
{"index":{"_id":"7"}}
{"employee_id":6, "department":1, "firstname":"Hattie", "lastname":"Bond", "sales":12432, "sale_date":"2022-05-18"}
{"index":{"_id":"13"}}
{"employee_id":13,"department":2, "firstname":"Nanette", "lastname":"Bates", "sales":32838, "sale_date":"2022-04-11"}
{"index":{"_id":"18"}}
{"employee_id":18,"department":2, "firstname":"Dale", "lastname":"Adams", "sales":4180, "sale_date":"2022-11-05"}
GROUP BY
The GROUP BY
clause defines subsets of a result set. Aggregate functions operate on these subsets and return one result row for each subset.
You can use an identifier, ordinal, or expression in the GROUP BY
clause.
Using an identifier in GROUP BY
You can specify the field name (column name) to aggregate on in the GROUP BY
clause. For example, the following query returns the department numbers and the total sales for each department:
SELECT department, sum(sales)
FROM employees
GROUP BY department;
department | sum(sales) |
---|---|
1 | 58700 |
2 | 37018 |
Using an ordinal in GROUP BY
You can specify the column number to aggregate on in the GROUP BY
clause. The column number is determined by the column position in the SELECT
clause. For example, the following query is equivalent to the query above. It returns the department numbers and the total sales for each department. It groups the results by the first column of the result set, which is department
:
SELECT department, sum(sales)
FROM employees
GROUP BY 1;
department | sum(sales) |
---|---|
1 | 58700 |
2 | 37018 |
Using an expression in GROUP BY
You can use an expression in the GROUP BY
clause. For example, the following query returns the average sales for each year:
SELECT year(sale_date), avg(sales)
FROM employees
GROUP BY year(sale_date);
year(start_date) | avg(sales) |
---|---|
2020 | 1356.0 |
2021 | 22455.0 |
2022 | 16484.0 |
SELECT
You can use aggregate expressions in the SELECT
clause either directly or as part of a larger expression. In addition, you can use expressions as arguments of aggregate functions.
Using aggregate expressions directly in SELECT
The following query returns the average sales for each department:
SELECT department, avg(sales)
FROM employees
GROUP BY department;
department | avg(sales) |
---|---|
1 | 14675.0 |
2 | 18509.0 |
Using aggregate expressions as part of larger expressions in SELECT
The following query calculates the average commission for the employees of each department as 5% of the average sales:
SELECT department, avg(sales) * 0.05 as avg_commission
FROM employees
GROUP BY department;
department | avg_commission |
---|---|
1 | 733.75 |
2 | 925.45 |
Using expressions as arguments to aggregate functions
The following query calculates the average commission amount for each department. First it calculates the commission amount for each sales
value as 5% of the sales
. Then it determines the average of all commission values:
SELECT department, avg(sales * 0.05) as avg_commission
FROM employees
GROUP BY department;
department | avg_commission |
---|---|
1 | 733.75 |
2 | 925.45 |
COUNT
The COUNT
function accepts arguments, such as *
, or literals, such as 1
. The following table describes how various forms of the COUNT
function operate.
Function type | Description |
COUNT(field) | Counts the number of rows where the value of the given field (or expression) is not null. |
COUNT(*) | Counts the total number of rows in a table. |
COUNT(1) (same as COUNT(*) ) | Counts any non-null literal. |
For example, the following query returns the count of sales for each year:
SELECT year(sale_date), count(sales)
FROM employees
GROUP BY year(sale_date);
year(sale_date) | count(sales) |
---|---|
2020 | 1 |
2021 | 2 |
2022 | 3 |
HAVING
Both WHERE
and HAVING
are used to filter results. The WHERE
filter is applied before the GROUP BY
phase, so you cannot use aggregate functions in a WHERE
clause. However, you can use the WHERE
clause to limit the rows to which the aggregate is then applied.
The HAVING
filter is applied after the GROUP BY
phase, so you can use the HAVING
clause to limit the groups that are included in the results.
HAVING with GROUP BY
You can use aggregate expressions or their aliases defined in a SELECT
clause in a HAVING
condition.
The following query uses an aggregate expression in the HAVING
clause. It returns the number of sales for each employee who made more than one sale:
SELECT employee_id, count(sales)
FROM employees
GROUP BY employee_id
HAVING count(sales) > 1;
employee_id | count(sales) |
---|---|
1 | 2 |
6 | 2 |
The aggregations in a HAVING
clause do not have to be the same as the aggregations in a SELECT
list. The following query uses the count
function in the HAVING
clause but the sum
function in the SELECT
clause. It returns the total sales amount for each employee who made more than one sale:
SELECT employee_id, sum(sales)
FROM employees
GROUP BY employee_id
HAVING count(sales) > 1;
employee_id | sum (sales) |
---|---|
1 | 40580 |
6 | 18120 |
As an extension of the SQL standard, you are not restricted to using only identifiers in the GROUP BY
clause. The following query uses an alias in the GROUP BY
clause and is equivalent to the previous query:
SELECT employee_id as id, sum(sales)
FROM employees
GROUP BY id
HAVING count(sales) > 1;
id | sum (sales) |
---|---|
1 | 40580 |
6 | 18120 |
You can also use an alias for an aggregate expression in the HAVING
clause. The following query returns the total sales for each department where sales exceed $40,000:
SELECT department, sum(sales) as total
FROM employees
GROUP BY department
HAVING total > 40000;
department | total |
---|---|
1 | 58700 |
If an identifier is ambiguous (for example, present both as a SELECT
alias and as an index field), the preference is given to the alias. In the following query the identifier is replaced with the expression aliased in the SELECT
clause:
SELECT department, sum(sales) as sales
FROM employees
GROUP BY department
HAVING sales > 40000;
department | sales |
---|---|
1 | 58700 |
HAVING without GROUP BY
You can use a HAVING
clause without a GROUP BY
clause. In this case, the whole set of data is to be considered one group. The following query will return True
if there is more than one value in the department
column:
SELECT 'True' as more_than_one_department FROM employees HAVING min(department) < max(department);
more_than_one_department |
---|
True |
If all employees in the employee table belonged to the same department, the result would contain zero rows:
more_than_one_department |
---|