Hi,
I'm working with the base field 'labels' and want to create a search query that groups my results by values for each key. The sample structures include keys like 'application' and 'env'. For instance, I want to group by 'env' and count how many results I have for values like 'production' and 'test'. However, in my use case, it's not just one key I use for grouping but up to five.
"labels": {"application": "foo-bar", "env": "production"}
"labels": {"application": "foo-bar", "env": "test"}
That's what I have so far:

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import co.elastic.clients.elasticsearch._types.aggregations.Aggregation;
import co.elastic.clients.elasticsearch._types.aggregations.CalendarInterval;

Map<String, Aggregation> aggregationMap = new HashMap<>();
CalendarInterval finalInterval = CalendarInterval.Day; // assumed here; use whichever interval the query needs

aggregationMap.put("date", Aggregation.of(agg -> agg
    // one bucket per calendar interval of @timestamp
    .dateHistogram(dH -> dH
        .calendarInterval(finalInterval)
        .field("@timestamp"))
    // keep the first hit of each bucket, restricted to the listed _source fields
    .aggregations("source", so -> so.topHits(th -> th
        .source(s -> s.filter(f -> f.includes(List.of("event.action", "message", "@timestamp", "labels.*"))))
        .size(1)))
    // sum of countValue within each bucket
    .aggregations("count", count -> count.sum(s -> s.field("countValue")))
));
I'm using the Java API REST Client and I tried many different approaches, but it does not work at all. Is this possible somehow?
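One way to do the grouping the question describes, as an added example that is not part of the original post and not code from the Elastic client project: a terms aggregation per label key, nested one inside the next beneath the date histogram, so each innermost bucket's docCount is the count for one combination of label values (two keys shown; the same loop handles five). Assumed for the example: the key list and index name, labels.* mapped as keyword, and a recent 8.x elasticsearch-java client.

```java
import java.io.IOException;
import java.util.List;
import java.util.Map;
import co.elastic.clients.elasticsearch.ElasticsearchClient;
import co.elastic.clients.elasticsearch._types.aggregations.Aggregate;
import co.elastic.clients.elasticsearch._types.aggregations.Aggregation;
import co.elastic.clients.elasticsearch._types.aggregations.CalendarInterval;
import co.elastic.clients.elasticsearch._types.aggregations.DateHistogramBucket;
import co.elastic.clients.elasticsearch._types.aggregations.StringTermsBucket;
import co.elastic.clients.elasticsearch.core.SearchResponse;

public class LabelGroupingExample {
    // Label keys to group by, outermost first; up to five as in the question.
    // The key names and the index name are assumptions made for this example.
    static final List<String> LABEL_KEYS = List.of("application", "env");
    static final String INDEX = "my-index";

    // One terms aggregation per label key, each nested inside the previous one.
    // Assumes labels.* are mapped as keyword (use the ".keyword" sub-field if they are text).
    static Aggregation nestedTerms(int depth) {
        String key = LABEL_KEYS.get(depth);
        return Aggregation.of(a -> {
            var cb = a.terms(t -> t.field("labels." + key).size(100));
            if (depth + 1 < LABEL_KEYS.size()) {
                cb.aggregations(LABEL_KEYS.get(depth + 1), nestedTerms(depth + 1));
            }
            return cb;
        });
    }

    // Walks the nested buckets and prints e.g. "application=foo-bar env=production -> 42".
    static void printCounts(Map<String, Aggregate> aggs, int depth, String prefix) {
        String key = LABEL_KEYS.get(depth);
        for (StringTermsBucket b : aggs.get(key).sterms().buckets().array()) {
            String path = prefix + key + "=" + b.key().stringValue() + " "; // key() is a FieldValue in recent 8.x clients
            if (depth + 1 < LABEL_KEYS.size()) printCounts(b.aggregations(), depth + 1, path);
            else System.out.println(path + "-> " + b.docCount());
        }
    }

    // Date histogram on top (as in the question), label grouping hung beneath each date bucket.
    static void run(ElasticsearchClient client, CalendarInterval interval) throws IOException {
        SearchResponse<Void> resp = client.search(s -> s.index(INDEX).size(0) // hits themselves not needed
            .aggregations("date", Aggregation.of(a -> a
                .dateHistogram(dh -> dh.field("@timestamp").calendarInterval(interval))
                .aggregations(LABEL_KEYS.get(0), nestedTerms(0)))), Void.class);
        for (DateHistogramBucket day : resp.aggregations().get("date").dateHistogram().buckets().array()) {
            System.out.println(day.keyAsString());
            printCounts(day.aggregations(), 0, "  ");
        }
    }
}
```

Keeping the existing "source" and "count" sub-aggregations works the same way: add them next to the first nestedTerms call under the date histogram, or inside the innermost terms level if they should be per label combination.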