I have a lot of transaction record, how can i count total distinct ip address in elasticsearch?

Elastic Stack Elasticsearch
1

i have a lot of transaction record, how can i count total distinct ip
address in elasticsearch?

i've try facet search but it list all distinct ip address, i want only
total number of dictinct ip address.

thanks.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/03a60f63-e7a0-4737-ae83-3964d76da8ac%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

2

hmm... facet should work in your situation yes? The example in this link

written
just like what you seek?

"facets" : {
"tags" : {
"_type" : "terms",
"missing" : 0,
"total": 5,
"other": 0,
"terms" : [ {
"term" : "foo",
"count" : 2
}, {
"term" : "bar",
"count" : 2
}, {
"term" : "baz",
"count" : 1
} ]
}
}

On Thu, Dec 12, 2013 at 12:13 PM, bbb ibee133@gmail.com wrote:

i have a lot of transaction record, how can i count total distinct ip
address in elasticsearch?

i've try facet search but it list all distinct ip address, i want only
total number of dictinct ip address.

thanks.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/03a60f63-e7a0-4737-ae83-3964d76da8ac%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAHO4itxEb9ypVPrZpdZs3qD9DTJc3sXgzLLGJxjrMretGDvPjg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

3

On 12 Dec 2013, at 09:23, Jason Wee peichieh@gmail.com wrote:

hmm... facet should work in your situation yes? The example in this link Elasticsearch Platform — Find real-time answers at scale | Elastic written just like what you seek?

I think the OP in this case wants the total number of distinct IP addresses. I've done this in the past by asking ES for a facet as below with a very large size, and counting the length of the array under the 'terms' key. You'll want to check your memory usage (both in ES and on your client app) though before you do this, as it's a little profligate.

Is there a better way to do this with the new aggregations framework coming in 1.0.0?

Cheers,
Dan

"facets" : {

"tags" : {

"_type" : "terms",

"missing" : 0,

"total": 5,

"other": 0,

"terms" : [ {

  "term" : "foo",

  "count" : 2

}, {
  "term" : "bar",

  "count" : 2

}, {
  "term" : "baz",

  "count" : 1

} ]

}

}

On Thu, Dec 12, 2013 at 12:13 PM, bbb ibee133@gmail.com wrote:
i have a lot of transaction record, how can i count total distinct ip address in elasticsearch?

i've try facet search but it list all distinct ip address, i want only total number of dictinct ip address.

thanks.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/03a60f63-e7a0-4737-ae83-3964d76da8ac%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAHO4itxEb9ypVPrZpdZs3qD9DTJc3sXgzLLGJxjrMretGDvPjg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
Dan Fairs | dan.fairs@gmail.com | @danfairs | secondsync.com

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/80D96C91-2FC2-45CC-95E3-9F33A9D759F8%40gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

4

If you do not need to filter the list, you can get all the terms back for a
field with Jorg's termlist plugin:

--
Ivan

On Thu, Dec 12, 2013 at 1:58 AM, Dan Fairs dan.fairs@gmail.com wrote:

On 12 Dec 2013, at 09:23, Jason Wee peichieh@gmail.com wrote:

hmm... facet should work in your situation yes? The example in this link
Elasticsearch Platform — Find real-time answers at scale | Elastic written
just like what you seek?

I think the OP in this case wants the total number of distinct IP
addresses. I've done this in the past by asking ES for a facet as below
with a very large size, and counting the length of the array under the
'terms' key. You'll want to check your memory usage (both in ES and on your
client app) though before you do this, as it's a little profligate.

Is there a better way to do this with the new aggregations framework
coming in 1.0.0?

Cheers,
Dan

"facets" : {

"tags" : {

"_type" : "terms",

"missing" : 0,

"total": 5,

"other": 0,

"terms" : [ {

  "term" : "foo",

  "count" : 2

}, {
  "term" : "bar",

  "count" : 2

}, {
  "term" : "baz",

  "count" : 1

} ]

}
}

On Thu, Dec 12, 2013 at 12:13 PM, bbb ibee133@gmail.com wrote:

i have a lot of transaction record, how can i count total distinct ip
address in elasticsearch?

i've try facet search but it list all distinct ip address, i want only
total number of dictinct ip address.

thanks.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/03a60f63-e7a0-4737-ae83-3964d76da8ac%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAHO4itxEb9ypVPrZpdZs3qD9DTJc3sXgzLLGJxjrMretGDvPjg%40mail.gmail.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
Dan Fairs | dan.fairs@gmail.com | @danfairs | secondsync.com

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/80D96C91-2FC2-45CC-95E3-9F33A9D759F8%40gmail.com
.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQBsFdBTb-TKBqJYeuhLvPD5Hqipify9ThUjWjOO5rUrYQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.