How can I filter for a specific field value in this query?

Sjaak01 · July 20, 2018, 8:33am

Hi,

I made this query and it gives me the results I'm looking for however I want to get the SUM where field wan_int matches wan1 (I got multiple wan interfaces). I tried adding filters and a query but I can't get it to work.

{
 "size":"0",
    "aggs": {
        "range": {
            "date_range": {
                "field": "@timestamp",
                "format": "YYYY/MM/DD, HH:mm:ss",
                "ranges": [
                    { "from": "now/1M" } 
                ]
            },
    "aggs" : {
        "switch_location" : {
            "terms" : {
                "field" : "location"
            },
            "aggs" : {
            "total_bytes": {
            "sum": {
            "script" : "doc['in_bytes'].value + doc['out_bytes'].value"
         }
       }
      }
     }
    }
   }
 }
}

mikebd · July 20, 2018, 1:28pm

{
 "size":"0",
	"query": {
		"bool": {
			"filter": {
				"match": {
					"wan_int": "wan1"
				}
			}
		}
	},
    "aggs": {
        "range": {
            "date_range": {
                "field": "@timestamp",
                "format": "YYYY/MM/DD, HH:mm:ss",
                "ranges": [
                    { "from": "now/1M" } 
                ]
            },
    "aggs" : {
        "switch_location" : {
            "terms" : {
                "field" : "location"
            },
            "aggs" : {
            "total_bytes": {
            "sum": {
            "script" : "doc['in_bytes'].value + doc['out_bytes'].value"
         }
       }
      }
     }
    }
   }
 }
}

Sjaak01 · July 23, 2018, 12:27am

Thanks, that works.

system · August 20, 2018, 12:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.