Filter by a regexp inside a terms aggregation

Elastic Stack Elasticsearch
1

Hi,
Is there a way to group by field1 only when field1 matches the following logic :
field1 contains ALL of the keywords in this list : [keyword1, keyword2, keyword3]
I have a working example for 1 keyword but I can't do it with more than 1:

"aggs": {
        "xxx": {
            "terms": {
                "field": "field1",
                "include": ".*keyword1.*"
            }
        }
    }

I would like to implement the regexp on this stackoverflow discussion but it doesn't work because the regexp syntax of Lucene is different :

2

Ideally I would like to add the flags : "ALL" to the regexp to be able to do something like this : ```

"aggs": {
        "xxx": {
            "terms": {
            	"flags": "ALL",
                "field": "field1",
                "include": ".+keyword1.+&.+keyword2.+"
            }
        }
    }
3

Other options would be to :

  • filter this on the back end side. But isn't it less performant ? Elastic is going to aggregate against every possible field where in fact I might be only interested in some of them.
  • I could also try a bucket selection aggregation, but I would hope there is a better way.
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.