I'm trying to form a query that will get the number of unique IP addresses that have a total of 6 or more documents in a given time range. Here is what I have so far:
{
"query": {
"bool": {
"filter": [{
"term": {
"org_id": 1
}
},
{
"term": {
"page.page_type": "post"
}
},
{
"range": {
"date": {
"gte": this.startDate,
"lt": this.endDate
}
}
}
]
}
},
"aggregations": {
"pageviews_per_ip": {
"terms": {
"field": "ip.address",
"min_doc_count": 6
}
}
},
"size": 0
}
The problem is that I can't use the cardinality aggregation to count the number of unique IPs because I am using a conditional "min_doc_count" which the cardinality agg doesn't support.
How can I calculate the number of docs Elasticsearch should return for this query?
Thank you.