Hello,
I'm new on this forum and I need your help.
I'm looking for a way to "aggregate" values on a field. Let me explain what I'm looking for:
I have documents with this kind of field:
{
  "_id": "123",
  "myfield": "test_def",
  "source.ip": "1.2.3.4"
}
{
  "_id": "456",
  "myfield": "test_abc",
  "source.ip": "1.2.3.4"
}
{
  "_id": "789",
  "myfield": "test_abc",
  "source.ip": "5.4.3.2"
}
What is easy to do with Lens is something like this (with a table):
source.ip    (count) test_abc    (count) test_def
1.2.3.4      1                   1
5.4.3.2      1                   -
What I need now is to keep only source.ip with myfield having value test_abc and test_def and exclude the rest.
source.ip    (count) test_abc    (count) test_def
1.2.3.4      1                   1
I'm sure it's easy to do but I can't find any correct example for that! So your help here would be appreciated!
Many thanks