Details of Top N records

ddramireddy · August 2, 2021, 1:08pm

Hi,

I have an index with following schema:

GroupName,Time,Value

Example values:

G1 2020-01-01 1:00:00. 10
G2 2020-01-01 1:00:00. 15
G3 2020-01-01 1:00:00. 20
G1 2020-01-01 2:00:00. 10
G2 2020-01-01 2:00:00. 20
G3 2020-01-01 2:00:00. 30
G1 2020-01-01 3:00:00. 25
G2 2020-01-01 3:00:00. 10
G3 2020-01-01 3:00:00. 10

Out of above records G3 and G1 has top 2 values 30 and 25 respectively. So, need the all records of G1 and G2.

G1 2020-01-01 1:00:00. 10
G3 2020-01-01 1:00:00. 20
G1 2020-01-01 2:00:00. 10
G3 2020-01-01 2:00:00. 30
G1 2020-01-01 3:00:00. 25
G3 2020-01-01 3:00:00. 10

Is it possible to get this in single elastic query by using aggregations?

spinscale · August 3, 2021, 7:09am

not on top of my head. You could go with a terms agg on the groupname field, that contains a max aggregation for the maximum value for each groupname and sort the terms agg based on that.

Then with a second query you could filter by groupname G1 or G3 if those are the top two max values from the first request.

Topic		Replies	Views
How to pass the aggs top 1 value to the query Elastic Observability elastic-stack-alerting	6	608	April 6, 2023
Get top 10 data for each group Elasticsearch kql-kibana-query-language , eql-elastic-query-language	1	1180	April 6, 2023
Elasticsearch query to group on different parameter and max of different parameter Elasticsearch	3	2446	July 5, 2017
Elasticsearch: aggregation and select docs only having max value of field Elasticsearch	3	2911	August 28, 2019
GROUP BY with only one query Elasticsearch	2	435	July 25, 2020

Details of Top N records

Related topics