{ID2 - Status 1 - Timestamp 2}
{ID2 - Status 2 - Timestamp 3}
{ID3 - Status 2 - Timestamp 2}
{ID3 - Status 3 - Timestamp 3}
{ID4 - Status 1 - Timestamp 1}
When I search after Timestamp 3, I would like to get the count of IDs per Latest Status for that ID
e.g.
Status3 - Count 2 IDs (because of ID1 & ID3)
Status2 - Count 1 ID (because of ID2)
Status1 - Count 1 ID (because of ID4)
I hope I'm understanding you correctly, but this seems pretty straightforward actually. If you are just going to be querying for 1 TS at once
GET <index>/_search
{
"size": 0,
"query": {
"term": {
"timestamp": <Timestamp3>
}
},
"aggs": {
"statuses": {
"terms": {
"field": "status"
// You may want to add additional params to the terms
// aggregation here to set the # of buckets or ordering for example
},
"aggs": {
"ids": {
"cardinality": {"field": "ID"}
}
}
}
}
}
You can also do it w/ multiple timestamps at once if you want--you could use either two terms aggregations or a composite aggregation
Thanks for your revert ...
the solution which you propose does give the status count back ...
But
What I would like to have is the count of Top status (derived by Sorting on timestamp: desc)
At the moment it is giving status count per field ID but i would like to get a total count of status depending on whether the status is latest status for that ID group
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.