How to diff two log-indices


I have daily indices with log-data. What I would like to do, is to get an
terms aggregation but not a simple occurrence-count but to substract 1 for
day (index) one and to add 1 for day (index) two. So in the end I
theoretically get all the new terms and the ones with the biggest change. I
guess this could be done with a script, but I have no idea how.

Any ideas?


You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
For more options, visit