Can I run a search query based on the results from aggregations?

Hi good people,

I am using Elasticsearch for some log monitoring and analysis. Sometimes I
need to use an aggregation to return the distinct values of a field to research
some issue. I was always wondering if I can run a query based on the
results from an aggregation. For now, I used the Python API to achieve what I
want, by storing the results of the aggregation in a list and making a new query
search based on the values in the list.

Someone hinted that I could do some research with the nested type or
parent/child type. But since all my data is parsed from plaintext and
structured by grok in Logstash, I don't think I am able to build a nested
type.

So you can imagine that some documents in my case will have the same value
for a specific field. If there is a way to put these documents with the
same value in a field together (even if I really need to reindex), I will
try to implement it and test the performance. But is that possible in ES?

Cheers,

--
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/23aed5b8-c908-422a-9701-c198f31cb65e%40googlegroups.com.
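The two-step pattern the post describes (a terms aggregation for the distinct values of a field, then a second search restricted to those values), as an added Python example that is not part of the original post. The elasticsearch-py `search(index=..., body=...)` call, the index name and the `client_ip` field are assumptions, and the aggregation response is constructed so the query-building logic runs offline.

```python
# Added example, not the poster's code. Builds the request bodies for the
# two steps and extracts bucket keys; only run_two_step() touches a cluster.

def terms_agg_body(field, size=100):
    """Step 1: search body that returns only the distinct values of `field`."""
    return {
        "size": 0,  # no hits, only the aggregation
        "aggs": {"distinct": {"terms": {"field": field, "size": size}}},
    }

def distinct_values(agg_response, agg_name="distinct"):
    """Pull the bucket keys out of a terms-aggregation response."""
    buckets = agg_response["aggregations"][agg_name]["buckets"]
    return [b["key"] for b in buckets]

def followup_query_body(field, values, extra_filter=None):
    """Step 2: bool query matching any document whose `field` holds one of
    `values`; `extra_filter` narrows it further (e.g. a time range)."""
    filters = [{"terms": {field: list(values)}}]
    if extra_filter is not None:
        filters.append(extra_filter)
    return {"query": {"bool": {"filter": filters}}}

# Constructed sample of a step-1 response (not real cluster output).
SAMPLE_AGG_RESPONSE = {
    "aggregations": {
        "distinct": {
            "buckets": [
                {"key": "10.0.0.5", "doc_count": 42},
                {"key": "10.0.0.9", "doc_count": 7},
            ]
        }
    }
}

def run_two_step(es, index, field, extra_filter=None):
    """Drive both steps against a live cluster with an elasticsearch-py
    client (assumed `es.search(index=..., body=...)` signature)."""
    agg = es.search(index=index, body=terms_agg_body(field))
    values = distinct_values(agg)
    return es.search(index=index, body=followup_query_body(field, values, extra_filter))
```

The returned documents are exactly the ones sharing a value that appeared in the aggregation, which is the grouping the post asks about without reindexing into a nested or parent/child mapping.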