Collect fields into the hash

I have the following index:
{
"message" => "Thu Jun 05 08:00:00 2014 RID 978a1861-1401973200416
URL ..... ",
"@version" => "1",
"@timestamp" => "2014-08-22T15:46:22.729Z",
"host" => "........",
"kw" => "Ready Mix Concrete",
"town" => "Zephyrhills",
"state" => "FL",
"ip" => "63.251.207.54",
"src" => "comlocal5"
}
{
"message" => "Thu Jun 05 08:00:00 2014 RID 978a1861-1401973200435
URL ..... ",
"@version" => "1",
"@timestamp" => "2014-08-22T15:46:22.729Z",
"host" => "....",
"kw" => "video",
"town" => "Norfolk",
"state" => "VA",
"ip" => "216.54.94.2",
"src" => "Lsxppc21128"
}
For simplicity only 2 documents.

I want to get hash with field "kw" as a key and frequency as a value.
In this case it will be
hash{"Ready Mix Concrete} => 1
hash{video} => 1

I know that I should possibly use aggregates, but it did not work for me:

curl -XGET 'http://localhost:9200/_search?search_type=count' -d
'{"aggregations":{"terms":{"field":"kw"}}}'

{"took":24,"timed_out":false,"_shards":{"total":10,"successful":10,"failed":0},"hits":{"total":4,"max_score":0.0,"hits":}}

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/173839c3-62ad-41dd-927b-99628d114a63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hello Vitaly ,

The format of your query is wrong.
Here is the right syntax -

curl -XGET 'http://localhost:9200/es/_search?search_type=count&pretty' -d
'{"aggregations":{"kwStats" : {"terms":{"field":"kw"}}}}'

Thanks
Vineeth

On Mon, Aug 25, 2014 at 8:38 PM, vitaly vitaly.bulgakov@gmail.com wrote:

I have the following index:
{
"message" => "Thu Jun 05 08:00:00 2014 RID 978a1861-1401973200416
URL ..... ",
"@version" => "1",
"@timestamp" => "2014-08-22T15:46:22.729Z",
"host" => "........",
"kw" => "Ready Mix Concrete",
"town" => "Zephyrhills",
"state" => "FL",
"ip" => "63.251.207.54",
"src" => "comlocal5"
}
{
"message" => "Thu Jun 05 08:00:00 2014 RID 978a1861-1401973200435
URL ..... ",
"@version" => "1",
"@timestamp" => "2014-08-22T15:46:22.729Z",
"host" => "....",
"kw" => "video",
"town" => "Norfolk",
"state" => "VA",
"ip" => "216.54.94.2",
"src" => "Lsxppc21128"
}
For simplicity only 2 documents.

I want to get hash with field "kw" as a key and frequency as a value.
In this case it will be
hash{"Ready Mix Concrete} => 1
hash{video} => 1

I know that I should possibly use aggregates, but it did not work for me:

curl -XGET 'http://localhost:9200/_search?search_type=count' -d
'{"aggregations":{"terms":{"field":"kw"}}}'

{"took":24,"timed_out":false,"_shards":{"total":10,"successful":10,"failed":0},"hits":{"total":4,"max_score":0.0,"hits":}}

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/173839c3-62ad-41dd-927b-99628d114a63%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/173839c3-62ad-41dd-927b-99628d114a63%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAGdPd5kDwFUJ3V5ztt%2BRBHxXMi8D2nQ9cjgNtiB84XxsK94%2B0A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.