How to set limit on multiple aggregations in elasticsearch sql plugin


(Abhijeet Chinchole) #1

I want to set different limit for different aggregations to query elasticsearch using sql plugin.
I want to write an equivalent query to following ES query > {"size":0,"query":{"filtered":{"query":{"query_string":{"query":"","analyze_wildcard":true}},"filter":{"bool":{"must":[{"range":{"start":{"gte":1483640371392,"lte":1483641271392,"format":"epoch_millis"}}}],"must_not":[]}}}},"aggs":{"2":{"terms":{"field":"interface-id","size":5,"order":{"_count":"desc"}},"aggs":{"3":{"terms":{"field":"srcport","size":5,"order":{"_count":"desc"}}}}}}}
I tried sql query using Elasticsearch SQL Plugin SELECT COUNT(
) FROM index GROUP BY interface-id, srcport LIMIT 5 but results comes different than that of ES Query.
Can someone please help


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.