Our data in ES looks like:
{ "event": "w", "environment": "abc"}
{ "event": "w", "environment": "def"}
{ "event": "z", "environment": "abc"}
ES version is 6.5.1
I want to find all the events which happened in more than 1 environment. In the example it should be event "w" only because it's happened in both "abc" and "def" environments.
Can I query it from ES in that way?
I suppose that each line is an own document: Then you could use a terms aggregation on the environment field.
It works!
Thank you, Alexander
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.