Execute aggs query for each unqiue value?

Sjaak01 · April 1, 2021, 8:38am

Hi,

I have the following script which gives me the 10 most used applications. I want to expand this by getting the top 10 applications for each unique value in the customers field. Is this possible?

The goal is to apply a set document id such as "customerid-yyyy-mm-dd" and make a lightweight index where all the data is "precalculated" every couple of hours instead of doing a full search every time for users that only need some static data.

{
  "aggs": {
    "2": {
      "terms": {
        "field": "application",
        "order": {
          "1": "desc"
        },
        "size": 10
      },
      "aggs": {
        "1": {
          "sum": {
            "script": {
              "source": "doc['in_bytes'].value + doc['out_bytes'].value",
              "lang": "painless"
            }
          }
        }
      }
    }
  },
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_all": {}
        },
        {
        "range": {
          "@timestamp": {
            "gte": "now-24h"
            }
          }
        }
      ]
    }
  }
}

system · April 29, 2021, 8:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
DISTINCT values DSL query Elasticsearch	3	9285	May 18, 2022
How to optimize this agg search elasticsearch? Elasticsearch runtime-fields	1	329	September 2, 2022
Collect first document from each bucket Elasticsearch	3	576	September 9, 2020
Aggregation with script code with previous result Elasticsearch	1	106	March 7, 2024
Access aggregation key inside script Elasticsearch	1	214	October 18, 2022

Execute aggs query for each unqiue value?

Related Topics