How to scroll a particular request?

BoffinPanda · June 20, 2018, 12:14pm

Hello all.

I have a request -

{
"size": 0,
"_source": {
"excludes": []
},
"aggs": {
"2": {
"terms": {
"field": "netflow.dst_addr",
"size": 100,
"order": {
"_count": "desc"
}
},
"aggs": {
"3": {
"terms": {
"field": "netflow.src_addr",
"size": 100,
"order": {
"_count": "desc"
}
}
}
}
}
},
"stored_fields": [
""
],
"script_fields": {},
"docvalue_fields": [
"@timestamp",
"netflow.first_switched",
"netflow.last_switched"
],
"query": {
"bool": {
"must": [
{
"query_string": {
"analyze_wildcard": True,
"query": "",
"default_field": "*"
}
},
{
"range": {
"@timestamp": {
"gte": 1513752674812,
"lte": 1529477474812,
"format": "epoch_millis"
}
}
}
],
"filter": [],
"should": [],
"must_not": []
}
}
}

Now, I want to scroll the whole data so that I achieve some unique counts of a search term.

I have tried the regular scroll but it gives me the whole data and not what I have requested.

Does anyone know how to achieve it?

TomTom · June 20, 2018, 12:56pm

Maybe this can solve your problem:

https://www.elastic.co/guide/en/elasticsearch/reference/current/_executing_aggregations.html

Suggestion: Use the Preformatted text to put your code inside, makes it much easier to read the code

BoffinPanda · June 20, 2018, 1:00pm

Hey TomTom! I want to scroll the data as the size is > 10k.

In the above link there is no support for scroll!

TomTom · June 20, 2018, 1:16pm

In scroll you can use the 'aggs' without set a size, the scroll will count all data, even if you set the 'root' size as 10K.

BoffinPanda · June 20, 2018, 1:20pm

Found this:

https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html#_filtering_values_with_partitions

system · July 18, 2018, 1:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.