Group by Count equals value

chivas · March 31, 2022, 6:18am

Hello,
I am using below query to group by a field and return the count, is there a way to return documents whose doc_count equals 1 (or less than 2)

GET logs-test*/_search
{
  "aggs": {
    "2": {
      "terms": {
        "field": "id",
        "order": {
          "_count": "asc"
        },
        "min_doc_count": 2
      }
    }
  },
  "size": 0,
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_phrase": {
            "body.function": "myfunctionName"
          }
        },
        {
          "range": {
            "timestamp": {
              "gte": "2022-03-30T17:00:00.000Z",
              "lte": "2022-03-31T16:59:59.999Z"
            }
          }
        }
      ]
    }
  }
}

Thanks!

chivas · March 31, 2022, 7:04am

Ok, managed to solve it using below

GET logs-test*/_search
{
  "aggs": {
    "id_count": {
      "terms": {
        "field": "id"
      },
         "aggs": {
            "my_filter": {
               "bucket_selector": {
                  "buckets_path": {
                     "the_doc_count": "_count"
                  },
                  "script": "params.the_doc_count == 1"
               }
            }
         }
    }
  },
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "match_phrase": {
            "body.function": "myfunctionName"
          }
        },
        {
          "range": {
            "timestamp": {
              "format": "strict_date_optional_time",
              "gte": "2022-03-30T17:00:00.000Z",
              "lte": "2022-03-31T16:59:59.999Z"
            }
          }
        }
      ]
    }
  }
}

system · April 28, 2022, 7:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.