I have some JSON data in Elasticsearch. This JSON data has customer and device in it. I have 2 customers which have multiple devices. I have the below query, which gives the data for the devices and their customer name:
{
  "aggs": {
    "device_name": {
      "terms": {
        "field": "Device.keyword"
      },
      "aggs": {
        "top_faq_hits": {
          "top_hits": {
            "_source": {
              "includes": [
                "Customer"
              ]
            },
            "size": 1
          }
        }
      }
    }
  }
}
This gives me the below response, which has devices and customer name:
"aggregations" : {
  "device_name" : {
    "doc_count_error_upper_bound" : 0,
    "sum_other_doc_count" : 0,
    "buckets" : [
      {
        "key" : "T1",
        "doc_count" : 736,
        "top_faq_hits" : {
          "hits" : {
            "total" : {
              "value" : 736,
              "relation" : "eq"
            },
            "max_score" : 1.0,
            "hits" : [
              {
                "_index" : "logs",
                "_type" : "_doc",
                "_id" : "16",
                "_score" : 1.0,
                "_source" : {
                  "Customer" : "Demo1"
                }
              }
            ]
          }
        }
      },
      {
        "key" : "T2",
        "doc_count" : 237,
        "top_faq_hits" : {
          "hits" : {
            "total" : {
              "value" : 237,
              "relation" : "eq"
            },
            "max_score" : 1.0,
            "hits" : [
              {
                "_index" : "logs",
                "_type" : "_doc",
                "_id" : "73",
                "_score" : 1.0,
                "_source" : {
                  "Customer" : "Demo1"
                }
              }
            ]
          }
        }
      },
      {
        "key" : "T3",
        "doc_count" : 9,
        "top_faq_hits" : {
          "hits" : {
            "total" : {
              "value" : 9,
              "relation" : "eq"
            },
            "max_score" : 1.0,
            "hits" : [
              {
                "_index" : "logs",
                "_type" : "_doc",
                "_id" : "3",
                "_score" : 1.0,
                "_source" : {
                  "Customer" : "Demo2"
                }
              }
            ]
          }
        }
      },
      {
        "key" : "T4",
        "doc_count" : 4,
        "top_faq_hits" : {
          "hits" : {
            "total" : {
              "value" : 4,
              "relation" : "eq"
            },
            "max_score" : 1.0,
            "hits" : [
              {
                "_index" : "logs",
                "_type" : "_doc",
                "_id" : "11",
                "_score" : 1.0,
                "_source" : {
                  "Customer" : "Demo2"
                }
              }
            ]
          }
        }
      }
    ]
  }
Looking at the above response, I can say that in Demo1 devices T1, T2 are online and in Demo2 devices T3, T4 are online.
I want to write a query which can also give me the offline devices. So for that, is it possible to define a complete list of devices in the query so that when the query is executed, it can also compare the response with the list of devices we have mentioned and simply give us the output of devices which do not match? This way we can list down the devices which are offline.
So is it possible that we can define the below JSON data:
{
  "Demo1": ["T1", "T2"],
  "Demo2": ["T3", "T4"]
}
as a complete list of devices in the query. So let's say if T2 goes offline and is not pushing data for the last 15 min, in the final output we will get T2 and customer name Demo1. This way we will know it's offline.
Or is there any alternative solution which can tell us the list of devices which are not uploading the data, i.e. offline? Can anyone please give some good suggestions on this? Please help. Thanks
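
One way to do the comparison the question describes, as an added example that is not part of the original post: restrict the aggregation to the last 15 minutes, then subtract the devices that still have a bucket from the inventory on the client side. The timestamp field name `@timestamp`, the function names and the sample response are assumptions constructed for illustration.

```python
# Added example: inventory and response below are constructed sample data.
INVENTORY = {"Demo1": ["T1", "T2"], "Demo2": ["T3", "T4"]}

def build_query(inventory, window="15m", ts_field="@timestamp"):
    """Aggregation over documents newer than now-window only.
    ts_field is an assumed field name; the post does not show one."""
    n_devices = sum(len(devs) for devs in inventory.values())
    return {
        "size": 0,
        "query": {"range": {ts_field: {"gte": f"now-{window}"}}},
        "aggs": {"device_name": {
            # terms returns 10 buckets by default; ask for the whole inventory
            "terms": {"field": "Device.keyword", "size": max(n_devices, 1)},
            "aggs": {"top_faq_hits": {"top_hits": {
                "_source": {"includes": ["Customer"]}, "size": 1}}},
        }},
    }

def online_devices(response):
    """Map customer -> set of devices that have a bucket in the response."""
    seen = {}
    for bucket in response["aggregations"]["device_name"]["buckets"]:
        hits = bucket["top_faq_hits"]["hits"]["hits"]
        customer = hits[0]["_source"].get("Customer") if hits else None
        seen.setdefault(customer, set()).add(bucket["key"])
    return seen

def offline_devices(inventory, response):
    """Inventory devices with no bucket in the window, grouped by customer."""
    seen = online_devices(response)
    report = {}
    for customer, devices in inventory.items():
        missing = sorted(set(devices) - seen.get(customer, set()))
        if missing:
            report[customer] = missing
    return report

def _bucket(device, customer):  # builds one constructed response bucket
    return {"key": device, "doc_count": 1, "top_faq_hits": {"hits": {"hits": [
        {"_source": {"Customer": customer}}]}}}

# Constructed response: T2 sent nothing in the window, so it has no bucket.
SAMPLE_RESPONSE = {"aggregations": {"device_name": {"buckets": [
    _bucket("T1", "Demo1"), _bucket("T3", "Demo2"), _bucket("T4", "Demo2")]}}}

if __name__ == "__main__":
    print(offline_devices(INVENTORY, SAMPLE_RESPONSE))
```

A device that reports under a customer other than the one the inventory lists is treated as offline for its expected customer, so a mislabelled device shows up in the report as well.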