Elasticsearch terms aggregation with sub query

Jayabal_K · September 26, 2019, 7:23am

I need to aggregate the docs (term aggregation), based on the another field vale (atleast one occurrence).
For example, I using the api traffic data, I need to get the top api list based on the total doc_count, who has atleast one 200 ok response.

My docs has fields like apiName, responseCode,etc.

Any help on this would be appreciated?
Thanks in advance.

Mark_Harwood · September 27, 2019, 3:19pm

You can either:

Use your aggs but query the docs with a 200 response (this would change the API counts in your aggregations to only the status 200 hits) or
Do 1) to first get a list of api names and then issue a second request with a terms filter on the apiName field with the list of api names. The counts would have 200 and non-200 responses.

Where 2) gets challenging is if the list of api names is extremely large.

system · October 25, 2019, 3:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.