Hello,
I would like to know how to create an index from an existing Index with Elasticsearch aggregations. (In my case, i would like to get statistics per login: count_connection, distinct_count_connection, first_connection, last_connection in new index or csv output).
I use ELK 5.4
Thank you in advance
Rather than Logstash, you're probably better off asking in the Elasticsearch forum about how to use the Reindex API to do this with a query in the reindex API call.
Thanks for reply. Reindex API it's only for dump current index into new Index.
In index 1 I've all data connections per day, and I would like to create an index 2 from aggregations of Index 1 (one line per login "email", with all informations "count connection, date last connexion, .....")
You should re-read the link I sent you. The Reindex API, while it can "dump" an index into a new one, it's much more sophisticated than just that use case. It also allows you to use the results of a query to populate a new index:
POST _reindex
{
"source": {
"index": "twitter",
"type": "tweet",
"query": {
"term": {
"user": "kimchy"
}
}
},
"dest": {
"index": "new_twitter"
}
}
So, why not try aggregations in a reindex with a query?
Could you please give me an example of query syntax with aggs inside query?
That question definitely belongs in the Elasticsearch section of the forums.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.