Filter facet by term count

Elastic Stack Elasticsearch
1

Hello, I have an apache log in ES and I want to get top daily IPs having
hit count > 100, for example. Tried to use scripting but i have no idea how
to get to 'count' value of a term. Any advice?
Thank you.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/e80ef007-1897-4a03-b5d9-79ce123af8d6%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

2

This is typically something that you can do using a terms aggregation[1].
It would look something like:

{
"aggs" : {
"top_ips" : {
"terms" : {
"field" : "ip_address", // <- change field name accordingly
"min_doc_count": 100
}
}
}
}

[1]

On Fri, Feb 14, 2014 at 7:11 AM, Anton T at1650702@gmail.com wrote:

Hello, I have an apache log in ES and I want to get top daily IPs having
hit count > 100, for example. Tried to use scripting but i have no idea how
to get to 'count' value of a term. Any advice?
Thank you.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/e80ef007-1897-4a03-b5d9-79ce123af8d6%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
Adrien Grand

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j79draJz5HTV6%2B3iWWj56KdwoDiEX%3Ds9faXT%2Bqe1HLXYg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

3

Wow. Have to upgrade ES from 0.9 to 1.x.
Thank you.

On Friday, February 14, 2014 1:08:30 PM UTC+4, Adrien Grand wrote:

This is typically something that you can do using a terms aggregation[1].
It would look something like:

{
"aggs" : {
"top_ips" : {
"terms" : {
"field" : "ip_address", // <- change field name accordingly
"min_doc_count": 100
}
}
}
}

[1]
Elasticsearch Platform — Find real-time answers at scale | Elastic

On Fri, Feb 14, 2014 at 7:11 AM, Anton T <at16...@gmail.com <javascript:>>wrote:

Hello, I have an apache log in ES and I want to get top daily IPs having
hit count > 100, for example. Tried to use scripting but i have no idea how
to get to 'count' value of a term. Any advice?
Thank you.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/e80ef007-1897-4a03-b5d9-79ce123af8d6%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
Adrien Grand

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/e55b75fe-8fc2-4478-ba7d-007cf471691d%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.