Given an index where it contains user login documents, so there is a userid field and a time field. Can I query for all the last login document for each user?
I don't want to build a list of each user on the query because it could be huge.
Thanks!
There's an example of that very question here: https://www.elastic.co/guide/en/elasticsearch/reference/5.4/search-aggregations-bucket-terms-aggregation.html#_filtering_values_with_partitions
Thanks. Maybe its trivial but I'm not looking for the last login time, but rather the entire login document for that time. It would be nice to get that in a single query.
Add a top_hits agg with size:1 sorted by date, reverse order. The partition advice still stands if you have a lot of users.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.