Get unique values from a field of all docs matching a top_hits aggregation

Elastic Stack Elasticsearch
1

Hi,
I'm new to ElasticSearch and am stuck with a query problem.

I have docs of the following form (simplified):

{   
    ...
    "mailProvider": "gmail.com",
    "mxHost1": {
      "name": "aspmx.l.google.com",
      ...
    },
    "mxHost2": {
      "name": "aspmx2.googlemail.com",
      ...
    },
    "mxHost3": {
      "name": "aspmx3.googlemail.com",
      ...
    }
}

With the following query, I get the top values for the mailProvider field:

POST /results/_search?size=0
{
    "aggs": {
        "top_providers": {
            "terms": {
                "field": "mailProvider.keyword",
                "size": 3
            }
        }
    }
}

This query results in:

{
  ...
  "aggregations" : {
    "top_providers" : {
        "buckets" : [
        {
          "key" : "gmail.com",
          "doc_count" : 138
        },
        {
          "key" : "outlook.com",
          "doc_count" : 43
        },
        {
          "key" : "secureserver.net",
          "doc_count" : 29
        }
      ]
    }
  }
}

So far so good. But now to my actual problem...

I need to get all unique values of mxHost1.name, mxHost2.name and mxHost3.name from all docs that have the mailProvider field set to one of the top_hits aggregation results.

Any help is appreciated!

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.