I have an index with several types. The data in each record includes fields like "Customer ID", "Device Name", "url", etc.
Elasticsearch is v5.6.8.
What I'd like to end up with is one document per "Customer ID" and "Device Name" and the value of the _type for the document. The single document per grouping should have a list of the 'url' values joined into one field called 'urls'.
I tried the following but it doesn't do what I thought it would do and I'm not sure what else to try:
GET _search
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "_index": "safebrowsing"
          }
        },
        {
          "range": {
            "eventtime": {
              "gte": "now-5d/d"
            }
          }
        }
      ],
      "must_not": [
        {
          "term": {
            "reported_to_client": true
          }
        }
      ]
    }
  },
  "size": 0,
  "aggs": {
    "Customer ID": {
      "terms": {
        "field": "Customer ID.keyword"
      },
      "aggs": {
        "Device Name": {
          "terms": {
            "field": "Device Name.keyword"
          },
          "aggs": {
            "documenttype": {
              "terms": {
                "field": "_type"
              },
              "aggs": {
                "urls": {
                  "terms": {
                    "script": "_doc['url'].values"
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
This is the error I get:
{
  "error": {
    "root_cause": [
      {
        "type": "circuit_breaking_exception",
        "reason": "[script] Too many dynamic script compilations within one minute, max: [15/min]; please use on-disk, indexed, or scripts with parameters instead; this limit can be changed by the [script.max_compilations_per_minute] setting",
        "bytes_wanted": 0,
        "bytes_limit": 0
      },
      {
        "type": "script_exception",
        "reason": "compile error",
        "script_stack": [
          "_doc['url'].values",
          "^---- HERE"
        ],
        "script": "_doc['url'].values",
        "lang": "painless"
      }
    ],
...etc
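
The grouping described in the post, as an added example that is not part of the original post: once the nested terms aggregations return buckets, the response can be flattened client-side into one record per "Customer ID", "Device Name" and _type, with the url keys joined into `urls`. The response below is constructed, the aggregation names are the ones from the query above, and `flatten_buckets` is a hypothetical helper.

```python
# Added example: flatten a nested terms-aggregation response into one record
# per (Customer ID, Device Name, _type). SAMPLE_RESPONSE is constructed.
SAMPLE_RESPONSE = {"aggregations": {"Customer ID": {"sum_other_doc_count": 0, "buckets": [
    {"key": "cust-1", "doc_count": 7, "Device Name": {"sum_other_doc_count": 0, "buckets": [
        {"key": "laptop-a", "doc_count": 7, "documenttype": {"sum_other_doc_count": 0, "buckets": [
            {"key": "malware", "doc_count": 2, "urls": {"sum_other_doc_count": 0, "buckets": [
                {"key": "http://a.example/x", "doc_count": 1},
                {"key": "http://b.example/y", "doc_count": 1}]}},
            {"key": "phishing", "doc_count": 5, "urls": {"sum_other_doc_count": 4, "buckets": [
                {"key": "http://c.example/z", "doc_count": 1}]}},
        ]}},
    ]}},
]}}}

LEVELS = ["Customer ID", "Device Name", "documenttype"]  # names from the post's query


def flatten_buckets(response, levels=LEVELS, leaf="urls", sep=", "):
    """Return one dict per group; 'truncated' is True when any terms
    aggregation on the path reported buckets it left out."""
    rows = []

    def walk(node, depth, keys, truncated):
        # Below the last grouping level, the remaining aggregation is the leaf.
        name = levels[depth] if depth < len(levels) else leaf
        agg = node.get(name, {})
        truncated = truncated or agg.get("sum_other_doc_count", 0) > 0
        buckets = agg.get("buckets", [])
        if depth == len(levels):
            row = dict(zip(levels, keys))
            row["urls"] = sep.join(b["key"] for b in buckets)
            row["truncated"] = truncated
            rows.append(row)
            return
        for bucket in buckets:
            walk(bucket, depth + 1, keys + [bucket["key"]], truncated)

    walk(response.get("aggregations", {}), 0, [], False)
    return rows


if __name__ == "__main__":
    for row in flatten_buckets(SAMPLE_RESPONSE):
        print(row)
```

A terms aggregation returns only its top buckets (10 by default), so the `truncated` flag marks groups whose `urls` list is incomplete and whose aggregation `size` needs raising.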