How to get unique document from elastic db from start time and end time?


(Ramesh Nagargoje) #1

Here is my python snippet query to get documents from ES

    # Documents with timestamp from startTime up to now, oldest first
    res = es.search(index="test-data", timeout=500000, body={
        "query": {
            "bool": {
                "must": [
                    {"range": {"timestamp": {"gte": startTime, "lte": "now"}}}
                ]
            }
        },
        "sort": [{"timestamp": {"order": "asc"}}]
    })

I want to get all unique documents from start time and end time. Please help me.


(David Pilato) #2

Not sure what unique documents means here.

Anyway, to extract all the documents that match a query, you should use the scroll API if you will get more than 10000 results.


(Ramesh Nagargoje) #3

```
{
  "highlight":{
    "pre_tags":[
      "@kibana-highlighted-field@"
    ],
    "post_tags":[
      "@/kibana-highlighted-field@"
    ],
    "fields":{
      "*":{}
    },
    "fragment_size":2147483647
  },
  "query":{
    "filtered":{
      "query":{
        "query_string":{
          "query":"*",
          "analyze_wildcard":"true",
          "allow_leading_wildcard":"false"
        }
      },
      "filter":{
        "bool":{
          "must":[
            {
              "query":{
                "match":{
                  "boardName":{
                    "query":"boardName",
                    "type":"phrase"
                  }
                }
              }
            },
            {
              "query":{
                "match":{
                  "tag":{
                    "query":"tagName",
                    "type":"phrase",
                    "analyzer":"english"
                  }
                }
              }
            },
            {
              "query":{
                "match":{
                  "module":{
                    "query":"module",
                    "type":"phrase"
                  }
                }
              }
            },
            {
              "query":{
                "match":{
                  "os":{
                    "query":"os",
                    "type":"phrase"
                  }
                }
              }
            },
            {
              "range":{
                "timestamp":{
                  "gte":"startTime",
                  "lte":"now"
                }
              }
            }
          ],
          "must_not":[]
        }
      }
    }
  },
  "fields":[
    "*",
    "_source"
  ],
  "script_fields":{
    "origin":{
      "script":"0",
      "lang":"expression"
    },
    "_count":{
      "script":"1",
      "lang":"expression"
    }
  },
  "fielddata_fields":[
    "timestamp"
  ]
}
```

@dadoonet I want to get unique records of boardName, tagName, module, os for each combination of these.

(David Pilato) #4

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reason.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.


(Ramesh Nagargoje) #5

@dadoonet edited post please check.


(David Pilato) #6

I'd probably use some terms aggregations on fields boardName, tagName, module and os.


(Ramesh Nagargoje) #7

@dadoonet

Tried to fetch, it worked:

    GET test_index/_search
    {
        "aggs" : {
            "genres" : {
                "terms" : { "field" : "boardName.keyword" }
            }
        }
    }

But when I used other fields it shows a duplicate key error:

    GET bat/_search
    {
        "aggs" : {
            "genres" : {
                "terms" : { "field" : "boardName.keyword" },
                "terms" : { "field" : "os.keyword" },
                "terms" : { "field" : "tagName.keyword" },
                "terms" : { "field" : "module.keyword" }
            }
        }
    }

(Ramesh Nagargoje) #8

Sorry, I was wrong,
it solves the duplicate key problem.

    "aggs" : {
        "board" : {
            "terms" : { "field" : "boardName.keyword" }
        },
        "tag" : {
            "terms" : { "field" : "tagName.keyword" }
        },
        "os" : {
            "terms" : { "field" : "OS.keyword" }
        },
        "module" : {
            "terms" : { "field" : "module.keyword" }
        }
    }
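
The four separate terms aggregations above return the distinct values of each field on its own. As an added example (not code from any participant in this thread), the Python below goes one step further and uses a composite aggregation to list each distinct boardName/tagName/module/os combination inside the time range, paging with `after_key`. It assumes Elasticsearch 6.1 or later, the `body=` call style from the first post, and `os.keyword` as the OS field; `build_body`, `unique_combinations` and `fake_search` are illustrative names and the sample buckets are constructed.

```python
# Field names follow the thread; "os.keyword" (not "OS.keyword") is an assumption.
FIELDS = {"board": "boardName.keyword", "tag": "tagName.keyword",
          "module": "module.keyword", "os": "os.keyword"}

def build_body(start_time, after=None, page_size=1000):
    """Range filter on timestamp plus one composite aggregation."""
    composite = {
        "size": page_size,
        # One terms source per field: each bucket key is one distinct combination.
        # Documents missing any of the fields are skipped by default.
        "sources": [{name: {"terms": {"field": field}}}
                    for name, field in FIELDS.items()],
    }
    if after is not None:
        composite["after"] = after  # resume after the previous page's last key
    return {
        "size": 0,  # no hits needed, only the buckets
        "query": {"bool": {"filter": [
            {"range": {"timestamp": {"gte": start_time, "lte": "now"}}}]}},
        "aggs": {"combos": {"composite": composite}},
    }

def unique_combinations(search, index, start_time, page_size=1000):
    """Collect every bucket. `search` is es.search or any callable taking the
    same index= and body= keywords, so the paging loop can run offline."""
    combos, after = [], None
    while True:
        body = build_body(start_time, after, page_size)
        agg = search(index=index, body=body)["aggregations"]["combos"]
        combos += [(b["key"], b["doc_count"]) for b in agg["buckets"]]
        after = agg.get("after_key")
        if not agg["buckets"] or after is None:
            return combos

def fake_search(index, body):
    """Constructed stand-in for a cluster holding two sample combinations."""
    keys = [{"board": "b1", "tag": "t1", "module": "m1", "os": "linux"},
            {"board": "b1", "tag": "t2", "module": "m1", "os": "linux"}]
    comp = body["aggs"]["combos"]["composite"]
    start = keys.index(comp["after"]) + 1 if "after" in comp else 0
    page = keys[start:start + comp["size"]]
    out = {"buckets": [{"key": k, "doc_count": 3} for k in page]}
    if page:
        out["after_key"] = page[-1]
    return {"aggregations": {"combos": out}}

if __name__ == "__main__":
    print(unique_combinations(fake_search, "test-data", "now-1d", page_size=1))
```

Against a real cluster, pass `es.search` in place of `fake_search`; each returned tuple is one combination and the number of documents that carry it.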
