Hello,
I have a query like below
{ "size" : 0,
"query" :
{
"bool":{
"filter":[{
"range": {
"TXN_DATE": {
"gte": "20171226","lte": "20171231"
}
}},
{
"range": {
"LOCAL_AMOUNT": {
"gte": "200000"
}
}}]
}
}
,
"aggs":{
"by_customer":{
"terms": {
"field": "CUSTOMER_NO",
"size":10000
},
"aggs": {
"last_trx_value": {
"top_hits": {
"sort": [
{
"TXN_DATE_TIME": {
"order": "desc"
}
}
],
"_source": {
"includes": ["CARD_NO"]
},
"size":1
}
}
}
}
}
}
which gives me the result as follows -
{
"took": 41,
"timed_out": false,
"_shards": {
"total": 3,
"successful": 3,
"failed": 0
},
"hits": {
"total": 17343,
"max_score": 0,
"hits": []
},
"aggregations": {
"by_customer": {
"doc_count_error_upper_bound": 10,
"sum_other_doc_count": 17331,
"buckets": [
{
"key": "80303757",
"doc_count": 12,
"last_trx_value": {
"hits": {
"total": 12,
"max_score": null,
"hits": [
{
"_index": "xxxxx-27122017",
"_type": "event",
"_id": "78831830-0ac8-42c0-9975-291f94e9f834",
"_score": null,
"_source": {
"CARD_NO": "5520961901023096"
},
"sort": [
1514381820000
]
}
]
}
}
}
]
}
}
}
I have two questions here -
-
How can i run script like below on bucket doc_count and add result to a response
"script": "doc_count >= 3 ? 1:0" -
We need to export aggregated result to csv file. What is the best way to do it ?
Thanks,