Elasticsearch terms aggregation with sub query

Jayabal_K · September 26, 2019, 7:23am

I need to aggregate the docs (term aggregation), based on the another field vale (atleast one occurrence).
For example, I using the api traffic data, I need to get the top api list based on the total doc_count, who has atleast one 200 ok response.

My docs has fields like apiName, responseCode,etc.

Any help on this would be appreciated?
Thanks in advance.

Mark_Harwood · September 27, 2019, 3:19pm

You can either:

Use your aggs but query the docs with a 200 response (this would change the API counts in your aggregations to only the status 200 hits) or
Do 1) to first get a list of api names and then issue a second request with a terms filter on the apiName field with the list of api names. The counts would have 200 and non-200 responses.

Where 2) gets challenging is if the list of api names is extremely large.

system · October 25, 2019, 3:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
REST API to fetch values based on Terms aggregation Elasticsearch	3	399	August 24, 2020
Terms Aggregation and get latest document Elasticsearch	2	195	June 10, 2022
Query term aggregation to count occurence Elasticsearch	1	416	July 5, 2017
Filter terms aggregation in order to see only terms with more than 10 results Elasticsearch	4	650	July 5, 2017
Filter after aggregation Elasticsearch	3	791	September 17, 2019

Elasticsearch terms aggregation with sub query

Related topics