Actually, I am not getting the desired result by using the below-mentioned
aggregation.
"username ip (which is used more) count (how many times that IP is used)"
That would be my expected result, and I don't want to use more than one curl
call for this result. I want only one search API call by which I can get what I
want.
So, I tried this aggregation but didn't get the count (how many times that
IP was used), and I also want to show only the IP that has the top count. For further
understanding, see below.
User 1 --- IP1 --- count (11), meaning that IP is used most by user 1
       --- IP2 --- count (4)
       --- IP3 --- count (1)
User 2 --- IP1 --- count (8), meaning that IP is used most by user 2
       --- IP2 --- count (7)
       --- IP3 --- count (3)
User 3 --- IP1 --- count (10), meaning that IP is used most by user 3
       --- IP2 --- count (9)
       --- IP3 --- count (8)
So the result would be like this, using only one query:
User 1 --- IP1 --- count (11), meaning that IP is used most by user 1
User 2 --- IP1 --- count (8), meaning that IP is used most by user 2
User 3 --- IP1 --- count (10), meaning that IP is used most by user 3
Note: IPs are different for each user.
On Saturday, November 29, 2014 3:45:46 AM UTC+5:30, Adrien Grand wrote:
What is the issue with this aggregation?
On Fri, Nov 28, 2014 at 7:41 PM, bharat bisht <bharat...@gmail.com> wrote:
Hey guys,
I am stuck on a problem: currently I'm using the term aggregation in a
nested condition to search for the top IP address count used by each user.
My situation is that in my data I have users, and each user
performs n number of activities using more than one IP.
So, my desired result would be like below:
username ip (which is used more) count (how many times that IP is used)
{
  "aggs": {
    "group_by_username": {
      "terms": {
        "field": "username"
      },
      "aggs": {
        "src_ip": {
          "terms": {
            "field": "src_ip"
          }
        }
      }
    }
  },
  "size": 0
}
But I didn't get the desired result. Can anyone help me out?
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/da705866-99d5-41d9-8e28-76298bb0645a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Adrien Grand
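
Added example, not part of the thread and not written by any of its participants: one way to get "username, most-used IP, count" from a single search request is to cap the inner terms aggregation at one bucket and read `doc_count` from it. The `simulate` helper, the outer `size` of 100 and the sample events are assumptions made so the example runs offline.

```python
import json
from collections import Counter, defaultdict

# Same nesting as the query in the thread, with the inner terms aggregation
# capped at one bucket. Terms buckets are ordered by doc_count descending by
# default, so that single bucket is the user's most-used IP with its count.
QUERY = {
    "size": 0,
    "aggs": {"group_by_username": {
        "terms": {"field": "username", "size": 100},  # 100: assumed cap on users
        "aggs": {"src_ip": {"terms": {"field": "src_ip", "size": 1}}},
    }},
}

def top_ip_per_user(response):
    """Flatten a search response into (username, top_ip, count) rows."""
    rows = []
    for user in response["aggregations"]["group_by_username"]["buckets"]:
        ips = user["src_ip"]["buckets"]
        if ips:  # a user bucket can have no src_ip values
            rows.append((user["key"], ips[0]["key"], ips[0]["doc_count"]))
    return rows

def simulate(events, query=QUERY):
    """Offline stand-in for the cluster (hypothetical helper): builds the
    buckets these nested terms aggregations describe from a list of events."""
    outer = query["aggs"]["group_by_username"]
    inner_size = outer["aggs"]["src_ip"]["terms"]["size"]
    per_user = defaultdict(Counter)
    for e in events:
        per_user[e["username"]][e["src_ip"]] += 1
    buckets = []
    for user, ips in per_user.items():
        top = sorted(ips.items(), key=lambda kv: (-kv[1], kv[0]))[:inner_size]
        buckets.append({"key": user, "doc_count": sum(ips.values()),
                        "src_ip": {"buckets": [{"key": k, "doc_count": c} for k, c in top]}})
    buckets.sort(key=lambda b: (-b["doc_count"], b["key"]))
    return {"aggregations": {"group_by_username": {"buckets": buckets[:outer["terms"]["size"]]}}}

# Constructed sample data using the counts from the thread; IPs are documentation ranges.
COUNTS = {"user1": {"192.0.2.1": 11, "192.0.2.2": 4, "192.0.2.3": 1},
          "user2": {"198.51.100.1": 8, "198.51.100.2": 7, "198.51.100.3": 3},
          "user3": {"203.0.113.1": 10, "203.0.113.2": 9, "203.0.113.3": 8}}
EVENTS = [{"username": u, "src_ip": ip}
          for u, ips in COUNTS.items() for ip, n in ips.items() for _ in range(n)]

if __name__ == "__main__":
    print(json.dumps(QUERY))  # body for a single _search request
    for row in top_ip_per_user(simulate(EVENTS)):
        print(*row)
```

On an index with several shards, terms aggregation counts are merged from per-shard results and can be approximate.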