
Elasticsearch aggregation on multiple fields across multiple indexes


Fields can only be aggregated across indices if they are named alike. There is no wildcard syntax for aggregation fields.

Here is what your mapping currently defines:


INDEX: company-company_databases

TYPE: company_database

FIELD NAMES:

  • company_applications.company_system_applications.vendor_name
  • company_applications.company_system_applications.system_application.vendor_name

INDEX: applications

TYPE: application

FIELD NAMES:

  • company_databases.company_applications.company_system_applications.vendor_name
  • company_databases.company_applications.company_system_applications.system_application.vendor_name

As far as Elasticsearch is concerned, these fields have nothing in common (even though part of the path is vendor_name).

If your goal is to aggregate vendor_name across a query that spans the two indices, think about restructuring your indices/mappings to accomplish this.


Note that Elasticsearch doesn't model many-to-many relationships.

If you can get away with duplicating Database info across applications, you might be able to re-formulate your relationships as a hierarchy, e.g.:

INDEX: applications

--

TYPE: application

FIELDS: vendor_name, etc...

--

TYPE: database_application

FIELDS: vendor_name, databases.<inner fields>, etc...

--

Then you'd be able to aggregate across types on the same field path vendor_name with the added bonus of querying a single applications index.
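The following is an added example, not part of the original answer: it flattens each mapping into full dotted field paths and keeps only the paths that exist in every mapping, which are the only ones a single aggregation can cover. The mappings are constructed to mirror the field paths listed above; the `keyword` type, the inner field `databases.name`, the same-type check and the function names are assumptions made for illustration.

```python
# Added example: mappings are constructed samples mirroring the answer's field paths.

def leaf_fields(mapping, prefix=""):
    """Flatten an Elasticsearch mapping's nested 'properties' into {dotted.path: type}."""
    fields = {}
    for name, spec in mapping.get("properties", {}).items():
        path = f"{prefix}{name}"
        if "properties" in spec:              # object field: recurse into it
            fields.update(leaf_fields(spec, path + "."))
        else:
            fields[path] = spec.get("type", "object")
    return fields


def shared_fields(mappings):
    """Paths present in every mapping with the same type (assumed extra check)."""
    flat = [leaf_fields(m) for m in mappings.values()]
    common = set(flat[0]).intersection(*flat[1:])
    return sorted(p for p in common if len({f[p] for f in flat}) == 1)


def terms_agg(field):
    """Request body for a terms aggregation on one exact field path."""
    return {"size": 0, "aggs": {"by_field": {"terms": {"field": field}}}}


KW = {"type": "keyword"}  # assumed field type
CSA = {"properties": {"vendor_name": KW,
                      "system_application": {"properties": {"vendor_name": KW}}}}
CA = {"properties": {"company_system_applications": CSA}}

# Current layout: the same objects sit under different parent paths in each index.
CURRENT = {
    "company-company_databases": {"properties": {"company_applications": CA}},
    "applications": {"properties": {
        "company_databases": {"properties": {"company_applications": CA}}}},
}

# Restructured layout from the answer: vendor_name at the top level of both types.
RESTRUCTURED = {
    "application": {"properties": {"vendor_name": KW}},
    "database_application": {"properties": {
        "vendor_name": KW,
        "databases": {"properties": {"name": KW}}}},  # hypothetical inner field
}

if __name__ == "__main__":
    print("current:", shared_fields(CURRENT))
    print("restructured:", shared_fields(RESTRUCTURED))
    print(terms_agg("vendor_name"))
```
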