Hi,
I'm trying to sort and filter result buckets of an ip_range agg and can't find how to do it. My query:

GET /firewall_hits/_search
{
  "size": 0,
  "aggs": {
    "agg1": {
      "ip_range": {
        "field": "src",
        "ranges": [
          {
            "mask": "10.100.0.0/16"
          },
          {
            "mask": "192.168.0.0/16"
          },
          {
            "mask": "1.168.0.0/16"
          }
        ]
      }
    }
  }
}
Result:

{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 73458077,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "agg1": {
      "buckets": [
        {
          "key": "1.168.0.0/16",
          "from": "1.168.0.0",
          "to": "1.168.255.255",
          "doc_count": 0
        },
        {
          "key": "10.100.0.0/16",
          "from": "10.100.0.0",
          "to": "10.100.255.255",
          "doc_count": 12855055
        },
        {
          "key": "192.168.0.0/16",
          "from": "192.168.0.0",
          "to": "192.168.255.255",
          "doc_count": 49888908
        }
      ]
    }
  }
}

- How do I order buckets by doc_count?
- How do I filter buckets where doc_count > 0?
Thanks!
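As an added example (not part of the original post), the script below builds the same ip_range query with two pipeline sub-aggregations, bucket_selector to drop empty buckets and bucket_sort to order the rest by _count, and also shows the client-side equivalent run over a copy of the response above. It assumes the cluster supports bucket_selector (2.0+) and bucket_sort (6.1+) and uses the query's own field name `src` and masks; the sample response is a constructed copy of the one in the post.

```python
import json

# Constructed sample: a copy of the aggregation part of the response in the post
SAMPLE_RESPONSE = {
    "aggregations": {"agg1": {"buckets": [
        {"key": "1.168.0.0/16", "from": "1.168.0.0", "to": "1.168.255.255", "doc_count": 0},
        {"key": "10.100.0.0/16", "from": "10.100.0.0", "to": "10.100.255.255", "doc_count": 12855055},
        {"key": "192.168.0.0/16", "from": "192.168.0.0", "to": "192.168.255.255", "doc_count": 49888908},
    ]}}
}

# Masks from the post's query
MASKS = ["10.100.0.0/16", "192.168.0.0/16", "1.168.0.0/16"]


def build_query(field, masks, min_count=1, top_n=None):
    """Return a search body: ip_range agg plus two pipeline sub-aggs.

    bucket_selector keeps only buckets whose doc_count >= min_count
    (assumption: cluster is 2.0+, Painless script as a plain string);
    bucket_sort orders the surviving buckets by _count descending and
    optionally truncates to top_n (assumption: cluster is 6.1+).
    """
    sort_agg = {"sort": [{"_count": {"order": "desc"}}]}
    if top_n is not None:
        sort_agg["size"] = top_n
    return {
        "size": 0,
        "aggs": {"agg1": {
            "ip_range": {"field": field, "ranges": [{"mask": m} for m in masks]},
            "aggs": {
                "only_hit_ranges": {"bucket_selector": {
                    "buckets_path": {"count": "_count"},
                    "script": "params.count >= %d" % min_count}},
                "by_count": {"bucket_sort": sort_agg},
            },
        }},
    }


def order_and_filter(response, agg_name="agg1", min_count=1):
    """Client-side fallback: filter and sort the buckets of an unsorted response."""
    buckets = response["aggregations"][agg_name]["buckets"]
    kept = [b for b in buckets if b["doc_count"] >= min_count]
    return sorted(kept, key=lambda b: b["doc_count"], reverse=True)


if __name__ == "__main__":
    print(json.dumps(build_query("src", MASKS), indent=2))
    for b in order_and_filter(SAMPLE_RESPONSE):
        print(b["key"], b["doc_count"])
```

The pipeline aggs run after the ip_range buckets are built, so the empty 1.168.0.0/16 bucket is still computed but never reaches the response.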