Hi, I have a nested field with two properties:
{
"rating": 2
"victim": [{
"ip": "...",
"instanceId": "....""
}]
}
I want to aggregate over the rating and get the IP or InstanceId for each document, not both in the bucket list.
Thanks.
After a lot of searching i found the way via painless:
"terms" : {
"script" : {
"source": "doc['victim.instanceId'].value == null ? doc['victim.ip'] : doc['victim.instanceId']",
"lang": "painless"
},
"missing": "N/A"
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.