I have a use case in which I want to filter the results which have the more than one distinct value.
For example :-
Query - Returns all the distinct models under each different category
{
"aggs": {
"distinct_category": {
"terms": {
"field": "category",
"size": 10
}, "aggs": {
"distinct_model": {
"terms": {
"field": "model",
"size": 10
}
}
}
}
}
}
Result -
{
"took" : 433,
"timed_out" : false,
"_shards" : {
"total" : 32,
"successful" : 32,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 50764205,
"max_score" : 0.0,
"hits" : [ ]
},
"aggregations" : {
"distinct_category" : {
"doc_count_error_upper_bound" : 915,
"sum_other_doc_count" : 50041707,
"buckets" : [
{
"key" : "Shirt",
"doc_count" : 244,
"distinct_model" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "A",
"doc_count" : 122
},
{
"key" : "B",
"doc_count" : 122
}
]
}
},
{
"key" : "Hoods",
"doc_count" : 168,
"distinct_model" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "C",
"doc_count" : 84
}
]
}
}
]
}
}
}
But I want to return only those records for which the number of distinct model is greater than 1. So I should only get result for "key" : "Shirt" and not for "key" : "Hoods".
I am new to ELK stack, can someone please help me to get the desired result.