I'm trying to figure out if I can aggregate something by the sum of a value field rather than the number of value fields.
I have an events index The events has the following fields: property_id, name, value, timestamp
I'm trying to get an aggregation of the top ten sum of the value fields by property_id.
It's easy enough to get a terms aggregation of events by the property_id for a given event name and then use a child aggregation to sum the value in each bucket.
BUT, if a certain property_id has 100 "repair" events each with a value of 1 and another property_id has 1 "repair" event with a value of 1000, I'd want this property to be the top bucket. Since I can get at most 50 buckets, the property_id with the single "repair" event may not even make the bucket list.
Is it possible to do this?