What I'm after is the top N of the combined ttl and fwm fields (similar to
a group by with a count in SQL). So, I'd get (if I only had the two data
points above):
50 0x7 1
65 0x8 1
Is there a way to get a aggregate count of multiple fields ?
I tried using the facets with a script_field to combine the two fields but
that kept returning 500 errors (though it might have been something else
causing that).
What I'm after is the top N of the combined ttl and fwm
fields (similar to a group by with a count in SQL). So, I'd get (if I
only had the two data points above):
50 0x7 1
65 0x8 1
It sounds like what you need is a terms facet. But, you're wanting to
combine the value from two different fields, which the terms facet
doesn't support out of the box.
Two options:
index the combination of ttl and fwm in another field, and run the
facets on that
use a script_field in the terms facet to output the concatenation of
ttl and fwm
Note, option 2 will be slower than option 1
clint
Is there a way to get a aggregate count of multiple fields ?
I tried using the facets with a script_field to combine the two fields
but that kept returning 500 errors (though it might have been
something else causing that).
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.