Aggregations along with painless scripted field

Hi ...
Can we use aggregations and Painless in a scripted field?

I want to achieve the below.

//Query
},
"size": 0,
"_source": {
  "excludes": []
},
"aggs": {
  "3": {
    "terms": {
      "field": "alert.keyword",
      "size": 2,
      "order": {
        "1": "desc"
      }
    },
    "aggs": {
      "1": {
        "cardinality": {
          "field": "alert.keyword"
        }
      }
    }
  }
}
//Result

{
  "took": 140,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 684223,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "3": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "1": {
            "value": 1
          },
          "key": " Anomaly behavior",
          "doc_count": 128
        },
        {
          "1": {
            "value": 1
          },
          "key": " Capability Definitions",
          "doc_count": 10
        },
        {
I want to use key and doc_count in an 'if, else' construct to return a value through a scripted field, to visualize it in Kibana.

Example: if [key] == 'Anomaly behavior' && [doc_count] > 50; return 10;
else 2;

You can't use doc_count from the terms aggregation in a scripted field, only properties on the object.
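
Since doc_count exists only in the aggregation response and not on individual documents, one place the rule from the question can be applied is in a client that reads that response. This is an added example, not code from the thread or from Elastic; the function names are hypothetical and the sample response is constructed by trimming the result posted above.

```python
# Added example: apply the key/doc_count rule to a terms-aggregation response
# on the client side. The rule values (10, 2, threshold 50) come from the
# question; function names and SAMPLE are constructed for illustration.

def iter_buckets(response, agg_name):
    """Yield (key, doc_count) for each bucket of a terms aggregation."""
    agg = response.get("aggregations", {}).get(agg_name)
    if agg is None:
        raise KeyError(f"aggregation {agg_name!r} not in response")
    for bucket in agg.get("buckets", []):
        # Keys in the posted result carry a leading space (" Anomaly behavior"),
        # so an exact string comparison fails unless whitespace is stripped.
        yield str(bucket["key"]).strip(), int(bucket["doc_count"])


def score_bucket(key, doc_count, alert="Anomaly behavior", threshold=50):
    """The if/else from the question: 10 for a frequent matching alert, else 2."""
    return 10 if key == alert and doc_count > threshold else 2


def score_response(response, agg_name="3"):
    """Map each (normalised) bucket key to its score."""
    return {key: score_bucket(key, count)
            for key, count in iter_buckets(response, agg_name)}


# Constructed sample, trimmed from the result shown in the question.
SAMPLE = {
    "aggregations": {
        "3": {
            "buckets": [
                {"1": {"value": 1}, "key": " Anomaly behavior", "doc_count": 128},
                {"1": {"value": 1}, "key": " Capability Definitions", "doc_count": 10},
            ]
        }
    }
}

if __name__ == "__main__":
    for key, score in score_response(SAMPLE).items():
        print(f"{key}: {score}")
```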

My requirement is to create a scripted field on the basis of a distinct count on a document field. Is there any function or method like distinct, count, sort and dedupe which can be directly used on a document field in a Painless script? Please shed some light, some example code...

Thank you
