[Kibana 5.5.2] condition in aggregated field with top_hits

Elastic Stack Kibana
1

hello everyone,

I'm using a visualisation to contrôle the received documents in ES (with top_hits on meta.localtime field).

the generated request:

{
  "query": {
"bool": {
  "must": [
    {
      "match_all": {}
    },
    {
      "range": {
        "ended": {
          "gte": 1507827469811,
          "lte": 1515603469811,
          "format": "epoch_millis"
        }
      }
    }
  ],
  "must_not": []
}
  },
  "size": 0,
  "_source": {
"excludes": []
  },
  "aggs": {
"2": {
  "terms": {
    "field": "meta.srcMaster",
    "size": 9999,
    "order": {
      "_term": "desc"
    }
  },
  "aggs": {
    "3": {
      "terms": {
        "field": "@policy",
        "size": 99999,
        "order": {
          "_term": "desc"
        }
      },
      "aggs": {
        "1": {
          "top_hits": {
            "docvalue_fields": [
              "meta.localtime"
            ],
            "_source": "meta.localtime",
            "size": 1,
            "sort": [
              {
                "meta.localtime": {
                  "order": "desc"
                }
              }
            ]
          }
        }
      }
    }
  }
}
  }
}

I want to filter results to get lines with the top_hits aggregation "1" lower then "now-24h"
I tried ti use "lt":"now-24h". But the top_hits can't parse the query.

Thanx in advance for the help.

Regards

2

Hello,

Would using a filter on meta.localtime < now-24h get you your desired results? I don't really understand exactly what you are trying to do so I cannot reproduce the scenario locally in order to test this.

3

Hello Marius,

My visualisation contrôle the last received documents concerning my two fields SrcMaster and @policy. To do so i'm using the top_hit aggregation in kibana

image

I'm trying to filter this visualisation and keep in the table only the couple (SrcMaster/Policy) with last received document lower then now-24h. Since i was not able to do it directly by filtering the aggregated field in kibana, i'm trying to get something using the Dev tools.

Hope it was clear.

Thank you for the help.
salim

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.