Hello All,
License Type: Basic license.
Version : Elasticsearch 7.2.1
Problem: Unable to perform Group by search
Description: I am trying to generate a report for max_cpu utilized for all servers for a day. Is it possible to perform group by as below not getting different servers, Rather getting records with only one server.
GET /metricbeat-7.2.1-2019.10.18-000003/_search
{
"aggs": { "group_by_hostname": { "terms": { "field": "host.name" } } }
}
if you want to create an aggregation that returns the maximum CPU usage for each host, you need to start to nest a max aggregation within the terms aggregation.
Also, you are only querying a single index, but for that day there might be more indices, so you should probably query all indices from that day, maybe then there are also more servers in your response?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2018. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.