Trying to find duplicate MAC addresses in customer records, what am I doing wrong?
GET /_search
{
"query": {
"match_all": {}
},
"aggs": {
"device_mac": {
"terms": {
"field": "device_mac",
"min_doc_count": 2
}
}
}
}
that looks about right: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html#_minimum_document_count_4
what's not working?
This seems more of an Elasticsearch question than a Kibana one though.
How many shards is this data distributed across? The min_doc_count is applied once the shards have returned results, so if the duplicates reside in different shards and are few they could be missed as the relevant data may not be returned from all shards. This is described in the docs.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.