Hi good people,
I am using elasticsearch for some logs monitoring and analysis. Sometimes I
need to use aggregation to return distinct values of a field to research
into some issue. I was always wondering if I can run a query based on the
results from aggregation. For now, I used python api to achieve what I
want, by store the results of aggregation in a list and make a new query
search based on the value in the list.
And I was hinted by someone said I can do some research with nested type or
parent/child type. But seems all my data is parsing from plaintext and
structured by grok in Logstash, I don't think I am able to build nested
So you can image that some documents in my case will have the same value
for a specific field. If there is a way to put these documents with the
same value in a field together (even if I really need to reindex) I will
try to implement it and test the performance. But is that possible in es?
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firstname.lastname@example.org.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/23aed5b8-c908-422a-9701-c198f31cb65e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.