How to make a query for group by count?

psyapathy · July 16, 2019, 3:12pm

Hello!
I looking for information by event_id 2771

And i get result table (example):

I want to group the data and hide the duplicate TargetUser by their count in table. I want this result:

Is it possible?
How to make a query for group by count?

Thank you advance

wangqinghuan · July 17, 2019, 5:38am

You can try sub-aggregation:

 {

      "aggs": {

        "event_id": {

          "terms": {

            "field": "event_id"

          },

          "aggs": {

            "targetUser": {

              "terms": {

                "field": "tragetUser"

              },

              "aggs": {

                "ipAddress": {

                  "terms": {

                    "field": "ipAddress"

                  }

                }

              }

            }

          }

        }

      }

    }

psyapathy · July 17, 2019, 9:39am

Thank you. But how i can get column Count with count of TargetUser?

system · August 14, 2019, 9:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.