Hi,
I'm new to writing Elasticsearch queries. I have the query below, and I would like to count, per host, the number of date histogram buckets that have a document count of 0, but I can't quite seem to get it across the line.
I'll have another cup of coffee and try again, but any hints would be gratefully received!
Thanks!
GET /metricbeat-prd-2017.11.14/_search
{
"size": 0,
"aggs": {
"per_host": {
"aggs": {
"per_minute": {
"date_histogram": {
"field": "@timestamp",
"interval": "10s"
}
}
},
"terms": {
"size": 10,
"field": "beat.hostname"
}
}
},
"query": {
"bool": {
"filter": [
{
"regexp": {
"beat.hostname": "appserver[12]"
}
},
{
"term": {
"metricset.name": "process"
}
},
{
"term": {
"system.process.username": "wildfly"
}
},
{
"range": {
"@timestamp": {
"lte": "now",
"gte": "now-2m/m"
}
}
}
]
}
}
}