My index contains the "IP" field. While there are ~4000 records in my index, there are only ~10 unique IPs in it. I want an API call which will return the frequency of occurrence of each IP in the index.
I have developed a visualization for the same, but I need the API call too.
Also, is there a way to extract API calls used in the visualizations?
Here's a solution I've tried.
GET /trial23/_search
{
  "aggs": {
    "path_count": {
      "terms": {
        "field": "path.keyword",
        "size": 35
      }
    }
  },
  "size": 0
}
The output is like:
{
  "took": 247,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 47673976,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "path_count": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 103,
      "buckets": [
        {
          "key": "/home/xyz/data/day=2018-09-20/hour=13/abc_000000_0.gz",
          "doc_count": 8166850
        },
        {
          "key": "/home/xyz/data/day=2018-09-20/hour=13/abc_6713_000002_0.gz",
          "doc_count": 8162160
        },
        ...
But I want to remove the initial fields like took, timed_out etc., and only keep the buckets field.
Any suggestions?
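The following is an added example, not part of the question above and not Elastic's own code. It builds the same kind of terms aggregation for an IP field, puts Elasticsearch's `filter_path` query parameter on the request URL so the response contains only the `buckets` array, and reduces a response to a plain `{ip: count}` map. The index name `trial23` comes from the question; the field name `ip.keyword`, the aggregation name `ip_count`, the `localhost:9200` endpoint and the sample response are assumptions constructed here for illustration.

```python
import json
from urllib.parse import urlencode

# Constructed example values: index from the question, field name assumed.
INDEX = "trial23"
IP_FIELD = "ip.keyword"  # assumed keyword sub-field; a text field cannot be aggregated


def build_terms_agg(field, size, agg_name="ip_count"):
    """Request body for a terms aggregation; size 0 suppresses the hits."""
    return {
        "size": 0,
        "aggs": {
            agg_name: {
                "terms": {"field": field, "size": size}
            }
        },
    }


def build_search_url(index, agg_name="ip_count", base="http://localhost:9200"):
    """Search URL with filter_path so only the buckets come back (endpoint assumed)."""
    params = {"filter_path": f"aggregations.{agg_name}.buckets"}
    return f"{base}/{index}/_search?{urlencode(params)}"


def buckets_to_counts(response, agg_name="ip_count"):
    """Reduce a full or filtered search response to ({key: doc_count}, other).

    `other` is sum_other_doc_count: documents whose key did not make it into
    the requested number of buckets. If it is non-zero, the table is
    incomplete and the request's "size" must be raised.
    """
    agg = response.get("aggregations", {}).get(agg_name, {})
    counts = {b["key"]: b["doc_count"] for b in agg.get("buckets", [])}
    other = agg.get("sum_other_doc_count", 0)
    return counts, other


# Constructed sample response in the shape Elasticsearch returns.
SAMPLE_RESPONSE = {
    "took": 12,
    "timed_out": False,
    "hits": {"total": 4000, "max_score": 0, "hits": []},
    "aggregations": {
        "ip_count": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "10.0.0.5", "doc_count": 2500},
                {"key": "10.0.0.7", "doc_count": 1500},
            ],
        }
    },
}

if __name__ == "__main__":
    print(json.dumps(build_terms_agg(IP_FIELD, 35), indent=2))
    print(build_search_url(INDEX))
    counts, other = buckets_to_counts(SAMPLE_RESPONSE)
    print(counts, "outside top buckets:", other)
```

Two practical checks: `sum_other_doc_count` in the question's output is 103, meaning 103 documents fell outside the 35 buckets requested, so for a complete count per IP the `size` should be at least the number of distinct values (about 10 here, so 35 already covers it). And `filter_path` only trims the response; the `size: 0` in the body is what stops Elasticsearch from returning matching documents. For the third question, Kibana's Inspect panel on a visualization shows the request it sent, which is the aggregation body to reuse in an API call.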