Hello,
First, thx you for very good ELK !
Anyone help me for how to filter range on cardinality aggregations please ?
ok please look my query working example:
curl -XGET 'http://localhost:9200/logstash-2014.10.20/_search?search_type=count&pretty=true' -d
'{ "size":9999999, "aggs": { "distinct_ip_src": { "cardinality": { "field": "IP_SRC"}}}}'
response:
{
"took" : 34,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 12975,
"max_score" : 0.0,
"hits" : [ ]
},
"aggregations" : {
"distinct_ip_src" : {
"value" : 10
}
}
}
But now, how to filter like a range distinct_ip_src.value (10 here) please ?
query not working: (no hits reply)
curl -XGET 'http://localhost:9200/logstash-2014.10.20/_search?search_type=count&pretty=true' -d
'{ "size":9999999, "aggs": { "distinct_ip_src": { "cardinality": { "field": "IP_SRC"}}},"post_filter",{"query": {"range":{"distinct_ip_src.value":{"gt":9}}}}}'
Tryed only "value": not work
Tryed only "_value": not work
Tryed only "term": not work
size:0 : not better work
Tryed removing "search_type=count": not work
Best Regards
@Rmkml
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/75edbbd1-7136-445d-889a-3f4d13d02e84%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.