Elasticsearch terms aggregation with sub query

Jayabal_K · September 26, 2019, 7:23am

I need to aggregate the docs (term aggregation), based on the another field vale (atleast one occurrence).
For example, I using the api traffic data, I need to get the top api list based on the total doc_count, who has atleast one 200 ok response.

My docs has fields like apiName, responseCode,etc.

Any help on this would be appreciated?
Thanks in advance.

Mark_Harwood · September 27, 2019, 3:19pm

You can either:

Use your aggs but query the docs with a 200 response (this would change the API counts in your aggregations to only the status 200 hits) or
Do 1) to first get a list of api names and then issue a second request with a terms filter on the apiName field with the list of api names. The counts would have 200 and non-200 responses.

Where 2) gets challenging is if the list of api names is extremely large.

Topic		Replies	Views
Elasticsearch term aggregations : use case for a single field Elasticsearch	2	446	July 15, 2020
Search within results Elasticsearch	5	503	December 16, 2019
I want to return only terms of a field Elasticsearch	9	609	November 6, 2019
Terms Aggregation return multiple fields (min_doc_count: 0) Elasticsearch	0	1007	February 12, 2019
How can I get full document from term aggregation on a specific field? Elasticsearch	0	660	November 28, 2016

Elasticsearch terms aggregation with sub query

Related topics