Hello,
I am using a bucket aggregation with min_doc_count: 0.
The results include keys that are no longer present in the database (they were deleted).
Where does the bucket aggregation get these keys from?
Here is my example (the keys "2.99.0.0\n" and "2.88.0.0\n" do not exist in any docs anymore):
My query:
{
"size": 0,
"_source": {
"excludes": []
},
"aggs": {
"2": {
"terms": {
"field": "fileversion.keyword",
"size": 10,
"order": {
"_term": "desc"
},
"min_doc_count": 0
}
}
},
"stored_fields": [
"*"
],
"script_fields": {},
"docvalue_fields": [
"@timestamp"
],
"query": {
"bool": {
"must": [
{
"match_all": {}
},
{
"range": {
"@timestamp": {
"gte": 1514761200000,
"lte": 1546297199999,
"format": "epoch_millis"
}
}
}
],
"filter": [],
"should": [],
"must_not": []
}
}
}
Response:
{
"took": 18,
"timed_out": false,
"_shards": {
"total": 131,
"successful": 131,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 88079471,
"max_score": 0,
"hits": []
},
"aggregations": {
"2": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 68872185,
"buckets": [
{
"key": "2.99.0.0\n",
"doc_count": 0
},
{
"key": "2.88.0.0\n",
"doc_count": 0
},
{
"key": "2.8.0.14533",
"doc_count": 88524
}
]
}
},
"status": 200
}
I hope my explanation is sufficient.
Any help is much appreciated.