Execute aggs query for each unqiue value?

Sjaak01 · April 1, 2021, 8:38am

Hi,

I have the following script which gives me the 10 most used applications. I want to expand this by getting the top 10 applications for each unique value in the customers field. Is this possible?

The goal is to apply a set document id such as "customerid-yyyy-mm-dd" and make a lightweight index where all the data is "precalculated" every couple of hours instead of doing a full search every time for users that only need some static data.

{
  "aggs": {
    "2": {
      "terms": {
        "field": "application",
        "order": {
          "1": "desc"
        },
        "size": 10
      },
      "aggs": {
        "1": {
          "sum": {
            "script": {
              "source": "doc['in_bytes'].value + doc['out_bytes'].value",
              "lang": "painless"
            }
          }
        }
      }
    }
  },
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_all": {}
        },
        {
        "range": {
          "@timestamp": {
            "gte": "now-24h"
            }
          }
        }
      ]
    }
  }
}

system · April 29, 2021, 8:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grouping with Elasticsearch (aggs) to join a field into a list of values Elasticsearch	2	459	June 7, 2018
Apply script on aggregation bucket Elasticsearch	1	420	February 8, 2018
How do I get all the distinct field values that satisfy a particular query Elasticsearch	2	686	July 6, 2017
Need all distinct values .. Elasticsearch returns 1000 only Elasticsearch	1	403	January 21, 2020
How to execute scripts in Elastic aggregation Elasticsearch	1	294	April 1, 2020

Execute aggs query for each unqiue value?

Related topics