I have the following ES query:

    GET my-index/_search
    {
      "size": 0,
      "aggs": {
        "my_bucket": {
          "composite": {
            "size": 10000,
            "sources": [
              {
                "stk1": {
                  "terms": {
                    "field": "calling_number.keyword"
                  }
                }
              },
              {
                "stk2": {
                  "terms": {
                    "field": "called_number.keyword"
                  }
                }
              }
            ]
          }
        }
      }
    }

Here is the output:

    {
      "took" : 0,
      "timed_out" : false,
      "_shards" : {
        "total" : 1,
        "successful" : 1,
        "skipped" : 0,
        "failed" : 0
      },
      "hits" : {
        "total" : {
          "value" : 4,
          "relation" : "eq"
        },
        "max_score" : null,
        "hits" : [ ]
      },
      "aggregations" : {
        "my_bucket" : {
          "after_key" : {
            "stk1" : "9",
            "stk2" : "99"
          },
          "buckets" : [
            {
              "key" : {
                "stk1" : "8",
                "stk2" : "99"
              },
              "doc_count" : 1
            },
            {
              "key" : {
                "stk1" : "9",
                "stk2" : "98"
              },
              "doc_count" : 1
            },
            {
              "key" : {
                "stk1" : "9",
                "stk2" : "99"
              },
              "doc_count" : 2
            }
          ]
        }
      }
    }

I want to filter the buckets by doc_count >= 3, basically to exclude everything that is not >= 3. The result from this query will be used in Watcher to monitor activities which exceed some threshold, in my case 3.
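
One way to express this threshold inside the query itself, as an added example that is not part of the original post: a `bucket_selector` pipeline aggregation nested under the composite aggregation, sent as the body of the same `GET my-index/_search` request. The sub-aggregation name `min_count_filter` and the script variable `count` are names chosen here for illustration.

```json
{
  "size": 0,
  "aggs": {
    "my_bucket": {
      "composite": {
        "size": 10000,
        "sources": [
          {
            "stk1": {
              "terms": {
                "field": "calling_number.keyword"
              }
            }
          },
          {
            "stk2": {
              "terms": {
                "field": "called_number.keyword"
              }
            }
          }
        ]
      },
      "aggs": {
        "min_count_filter": {
          "bucket_selector": {
            "buckets_path": {
              "count": "_count"
            },
            "script": "params.count >= 3"
          }
        }
      }
    }
  }
}
```

With the sample data above no calling/called pair reaches a count of 3, so `buckets` comes back empty. The selector is applied to each composite page after that page is built, so a page can hold fewer than `size` buckets while `after_key` is still returned; if the index has more pairs than one page covers, keep paging with `after` until no `after_key` comes back.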