Hi,
I have the following script which gives me the 10 most used applications. I want to expand this by getting the top 10 applications for each unique value in the customers field. Is this possible?
The goal is to apply a set document id such as "customerid-yyyy-mm-dd" and make a lightweight index where all the data is "precalculated" every couple of hours instead of doing a full search every time for users that only need some static data.
{
  "aggs": {
    "2": {
      "terms": {
        "field": "application",
        "order": {
          "1": "desc"
        },
        "size": 10
      },
      "aggs": {
        "1": {
          "sum": {
            "script": {
              "source": "doc['in_bytes'].value + doc['out_bytes'].value",
              "lang": "painless"
            }
          }
        }
      }
    }
  },
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_all": {}
        },
        {
          "range": {
            "@timestamp": {
              "gte": "now-24h"
            }
          }
        }
      ]
    }
  }
}
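One way to get the per-customer top-10 list and turn it into the precalculated documents described above, written as an added Python example rather than code from the original post: the existing application/sum aggregation is nested under a terms aggregation on the customer field, and the response is flattened into bulk actions with the deterministic id customerid-yyyy-mm-dd. It assumes the customer field is called `customer`, renames the Kibana-generated aggregation names "1" and "2" to readable ones, and uses a constructed sample response so it runs offline; the dict from build_query() is what you would send to the _search endpoint, and the actions are in the shape elasticsearch.helpers.bulk consumes.

```python
from datetime import date

BYTES_SCRIPT = "doc['in_bytes'].value + doc['out_bytes'].value"


def build_query(customer_field="customer", app_field="application",
                top_n=10, window="now-24h", max_customers=1000):
    """Nest the original top-N application aggregation under a terms
    aggregation on the customer field, so Elasticsearch computes the top
    list once per customer bucket ('customer' is an assumed field name)."""
    return {
        "size": 0,  # only the buckets are needed, not the matching documents
        "query": {"bool": {"filter": [
            {"range": {"@timestamp": {"gte": window}}}]}},
        "aggs": {"per_customer": {
            # terms buckets are capped by size; raise it, or page with a
            # composite aggregation, if there are more distinct customers
            "terms": {"field": customer_field, "size": max_customers},
            "aggs": {"top_apps": {
                "terms": {"field": app_field, "size": top_n,
                          "order": {"total_bytes": "desc"}},
                "aggs": {"total_bytes": {"sum": {"script": {
                    "source": BYTES_SCRIPT, "lang": "painless"}}}}}}}}}


def summary_docs(response, day, index="customer-app-summary"):
    """Flatten the response into one bulk action per customer with the
    deterministic id 'customerid-yyyy-mm-dd', so re-running the job for
    the same day overwrites the document instead of duplicating it."""
    date.fromisoformat(day)  # reject anything that is not a yyyy-mm-dd date
    actions = []
    for cust in response["aggregations"]["per_customer"]["buckets"]:
        apps = [{"application": b["key"], "total_bytes": b["total_bytes"]["value"]}
                for b in cust["top_apps"]["buckets"]]
        actions.append({"_index": index, "_id": f"{cust['key']}-{day}",
                        "_source": {"customer": cust["key"], "day": day,
                                    "top_applications": apps}})
    return actions


# Constructed sample response, in the shape Elasticsearch returns for build_query()
SAMPLE_RESPONSE = {"aggregations": {"per_customer": {"buckets": [
    {"key": "acme", "doc_count": 3, "top_apps": {"buckets": [
        {"key": "dns", "doc_count": 2, "total_bytes": {"value": 9000.0}},
        {"key": "http", "doc_count": 1, "total_bytes": {"value": 1500.0}}]}},
    {"key": "globex", "doc_count": 1, "top_apps": {"buckets": [
        {"key": "smtp", "doc_count": 1, "total_bytes": {"value": 700.0}}]}}]}}}

if __name__ == "__main__":
    for action in summary_docs(SAMPLE_RESPONSE, "2024-01-15"):
        print(action["_id"], action["_source"]["top_applications"])
```

Because the id is derived from customer and day, the scheduled job can simply overwrite each summary document on every run; the inner terms counts are still approximate across shards, so raise shard_size if exact byte totals matter.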