How to display only TOP 10 of aggregate count in kibana?

Hello,

I use Elastic Cloud 7.x and I am trying to limit the aggregate count to retrieve only the TOP 10 per day (not all results).

I use this query, but it is so slow:
{
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "emailInfo.mailProcessingStartTime",
        "interval": "1h",
        "time_zone": "Europe/Paris",
        "min_doc_count": 1
      },
      "aggs": {
        "6": {
          "terms": {
            "field": "emailInfo.headerFrom.keyword",
            "size": 5,
            "order": {
              "_count": "desc"
            }
          }
        }
      }
    }
  },
  "size": 0,
  "_source": {
    "excludes": []
  },
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "emailInfo.mailProcessingStartTime",
      "format": "date_time"
    }
  ],
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_all": {}
        },
        {
          "match_all": {}
        }
      ],
      "should": [],
      "must_not": []
    }
  }
}

Thanks for your help !

Hi,

So that is basically the right and only query to use if you want to visualize TOP 5 / per day. ES is actually bucketing all your data into 1h buckets, and then it applies the term aggregation.

It's slow because it first looks at all your data, aggregates everything into 1h buckets and then applies the other agg.

That speed also depends on various factors: the time window of your query, data volume, and for sure your actual cluster configuration. Can you tell me a bit more about those 3 factors?
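The bucketing described in the answer, as an added example that is not part of the original thread: it builds a one-bucket-per-day, top-10 request body and runs a local model of the same two-level aggregation over constructed events to show the result shape. The aggregation names `per_day` and `top_senders`, the use of `calendar_interval` (available from 7.2; earlier 7.x uses `interval`), and the fixed UTC+1 offset standing in for Europe/Paris are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

def build_query(size=10, tz="Europe/Paris"):
    """Request body: one bucket per calendar day, top `size` senders in each."""
    return {
        "size": 0,  # aggregation only, no hits are returned
        "aggs": {"per_day": {  # hypothetical aggregation name
            "date_histogram": {
                "field": "emailInfo.mailProcessingStartTime",
                "calendar_interval": "1d",  # assumption: cluster is 7.2 or later
                "time_zone": tz,
                "min_doc_count": 1,
            },
            "aggs": {"top_senders": {"terms": {  # hypothetical aggregation name
                "field": "emailInfo.headerFrom.keyword",
                "size": size,
                "order": {"_count": "desc"},
            }}},
        }},
    }

def top_senders_per_day(docs, size=10, utc_offset_hours=1):
    """Local model of the aggregation: bucket by local day, then count senders.

    Like the cluster, it has to touch every document before it can rank anything.
    """
    zone = timezone(timedelta(hours=utc_offset_hours))  # assumption: fixed offset, no DST
    buckets = defaultdict(Counter)
    for ts, sender in docs:
        day = datetime.fromisoformat(ts).astimezone(zone).date().isoformat()
        buckets[day][sender] += 1
    # Days with no documents never appear, which matches min_doc_count = 1.
    return {day: counts.most_common(size) for day, counts in sorted(buckets.items())}

# Constructed sample events: (UTC timestamp, From header)
SAMPLE = [
    ("2020-03-01T08:00:00+00:00", "a@example.com"),
    ("2020-03-01T09:00:00+00:00", "a@example.com"),
    ("2020-03-01T10:00:00+00:00", "b@example.com"),
    ("2020-03-01T23:30:00+00:00", "c@example.com"),  # already 2 March at UTC+1
    ("2020-03-02T07:00:00+00:00", "c@example.com"),
]

if __name__ == "__main__":
    for day, top in top_senders_per_day(SAMPLE, size=2).items():
        print(day, top)
```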
