Hello
I am trying to get docs that answer the query.
But I also want to get 1 doc of each type.
For example, retrieve all the hostnames that have diskspace_usage > 0.3.
With the following I am getting the correct results but with repetition.
I want to show each hostname once.
How should I write the query?
GET _search
{
  "aggs": {
    "hostnames": {
      "terms": {
        "field": "hostname",
        "size": 1
      }
    }
  },
  "query": {
    "bool": {
      "must": [
        { "match": { "agent_type": "metricbeat" }},
        { "match": { "metricset_name": "filesystem" }},
        {
          "range": {
            "diskspace_usage": {
              "from": 0.3,
              "to": 1.0,
              "include_lower": true,
              "include_upper": false
            }
          }
        },
        {
          "range": {
            "@timestamp": {
              "from": "now-15m",
              "to": null,
              "include_lower": true,
              "include_upper": true
            }
          }
        }
      ]
    }
  }
}
Cheers!