How to perform nested aggregation in child parent relationship

Hi,

I am using Elasticsearch 7.11 and have implemented a parent-child relation. One of the base reasons was that my updates were very frequent and at any time a new child could be added under 1 parent.
My project is something that manages all the computers in the network; all the activity related to the endpoints should be logged for analytics purposes.
My mapping is something like this:

PcInformation -> User
Now the PC has its own information; the main thing to note is the activationTime. The user has its Department, username, role, etc.

Now I want to get the top departments w.r.t. PC and its time.

Say I want to know which departments have the most PCs in 2020.

What I am currently doing is first getting all the PCs through the user relationship using a hasChild query, shown below.

{
  "query": {
    "bool": {
      "filter": [
        {
          "has_child": {
            "type": "user",
            "query": {
              "nested": {
                "path": "user",
                "query": {
                  "match_all": {}
                }
              }
            }
          }
        },
        {
          "range": {
            "regDate": {
              "gte": "2020-04-11",
              "lte": "2022-04-31"
            }
          }
        }
      ]
    }
  }
}

This would return all the PCs in the specific time.
Then I am performing an aggregation first on user, then a sub-aggregation on pcConnection data for the time-based aggregation. Now I want to know the name of the department, but this is not in the PC information.

One option is to put the user information in the PC, but then I would lose what I am using the parent-child model for.

Is there any way to do so?
