GROUP BY geoip.country_name.keyword
# Terms aggregation on geoip.country_name.keyword over the logstash-2016.12.07 index.
# The top-level size of 0 suppresses the search hits, so only the aggregation
# buckets are returned. The terms block sets no size of its own, so the server
# default number of buckets applies (10 in the response shown on this page).
# NOTE(review): the request is sent over plain HTTP with no credentials on the
# command line; presumably the cluster is reachable only from a trusted
# network - confirm.
curl -XPOST 'http://abcd:9200/logstash-2016.12.07/_search?pretty' -d '
{
"size" : 0,
"aggs" : {
"group_country" : {
"terms": {
"field" : "geoip.country_name.keyword"
}
}
}
}'
I get the following:
{
"took" : 4,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 22442144,
"max_score" : 0.0,
"hits" : [ ]
},
"aggregations" : {
"group_country" : {
"doc_count_error_upper_bound" : 94011,
"sum_other_doc_count" : 4513408,
"buckets" : [
{
"key" : "United States",
"doc_count" : 8504290
},
{
"key" : "China",
"doc_count" : 1810752
},
{
"key" : "Japan",
"doc_count" : 1101575
},
{
"key" : "United Kingdom",
"doc_count" : 669897
},
{
"key" : "Germany",
"doc_count" : 646917
},
{
"key" : "Republic of Korea",
"doc_count" : 599331
},
{
"key" : "France",
"doc_count" : 445700
},
{
"key" : "Brazil",
"doc_count" : 441536
},
{
"key" : "Canada",
"doc_count" : 425543
},
{
"key" : "Italy",
"doc_count" : 290951
}
]
}
}
}
Only the top 10 buckets are returned.
I want to get the next buckets as well.
How can I get the next buckets?
The following attempt does not work:
# Attempt to request 20 buckets from the same terms aggregation.
# NOTE(review): size : 20 sits next to the terms block, directly under
# group_country, rather than inside it. At that level the parser expects an
# object, which matches the parsing_exception reported for line 9 of this
# body. The bucket count is a parameter of the terms aggregation itself, so it
# belongs inside the terms object alongside field.
curl -XPOST 'http://abcd:9200/logstash-2016.12.07/_search?pretty' -d '
{
"size" : 0,
"aggs" : {
"group_country" : {
"terms": {
"field" : "geoip.country_name.keyword"
},
"size" : 20
}
}
}'
I got the following error response:
{
"error" : {
"root_cause" : [
{
"type" : "parsing_exception",
"reason" : "Expected [START_OBJECT] under [size], but got a [VALUE_NUMBER] in [group_country]",
"line" : 9,
"col" : 22
}
],
"type" : "parsing_exception",
"reason" : "Expected [START_OBJECT] under [size], but got a [VALUE_NUMBER] in [group_country]",
"line" : 9,
"col" : 22
},
"status" : 400
}