Hi,
I have a requirement for aggregating on more than one field for an analysis. Is this possible in Elasticsearch?
select dst, dstname, dst_port, count(*) from table group by dst, dstname, dst_port
Is the following valid for the above query in Elasticsearch?
import org.elasticsearch.action.search.SearchRequestBuilder;
import org.elasticsearch.search.aggregations.AggregationBuilders;
import org.elasticsearch.search.aggregations.bucket.histogram.DateHistogram;

// searchRequest is a SearchRequestBuilder, e.g. client.prepareSearch("index")
// Four top-level aggregations are added to the same request: one daily
// date histogram on first_occurance and one terms aggregation per field.
searchRequest
    .addAggregation(AggregationBuilders.dateHistogram("date")
        .field("first_occurance").interval(DateHistogram.Interval.DAY))
    .addAggregation(AggregationBuilders.terms("dst").field("dst").size(1000))
    .addAggregation(AggregationBuilders.terms("dst_name").field("dst_name").size(1000))
    .addAggregation(AggregationBuilders.terms("dst_port").field("dst_port").size(1000));
Is this supported in Elasticsearch?
Thanks
Moni
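As an added example (not part of the post above, and not Elasticsearch project code), the following Python builds a multi-field "group by" the way the aggregation framework expresses it: one terms aggregation per GROUP BY column, each nested inside the previous one under a daily date_histogram, and then walks the nested bucket tree back into SQL-style rows. The field names follow the post (dst, dst_name, dst_port, first_occurance); the sample documents and the sample response are constructed here so the script runs offline, and the local Counter-based reference is only there to show that the innermost bucket's doc_count is the COUNT(*) of that combination.

```python
"""Group by several fields in Elasticsearch with nested terms aggregations.

Constructed example: the request body nests date_histogram -> terms(dst)
-> terms(dst_name) -> terms(dst_port).  The innermost bucket's doc_count is
the COUNT(*) for that (day, dst, dst_name, dst_port) combination.
"""
from collections import Counter
import json

GROUP_FIELDS = ["dst", "dst_name", "dst_port"]


def build_group_by_request(group_fields, date_field="first_occurance", size=1000):
    """Return a search body nesting one terms aggregation per group field.

    `size` applies per level: each parent bucket keeps at most `size` child
    buckets, so combinations beyond that are dropped, not counted.
    """
    if not group_fields:
        raise ValueError("at least one group field is required")
    inner = None
    for field in reversed(group_fields):            # build innermost level first
        agg = {"terms": {"field": field, "size": size}}
        if inner is not None:
            agg["aggs"] = inner                      # nest the level built before
        inner = {field: agg}
    return {
        "size": 0,                                   # buckets only, no hits
        "aggs": {
            "date": {
                "date_histogram": {"field": date_field, "interval": "day"},
                "aggs": inner,
            }
        },
    }


def flatten_buckets(response, group_fields):
    """Walk the nested bucket tree into rows (day, key_1, ..., key_n, count)."""
    rows = []

    def walk(container, depth, prefix):
        name = group_fields[depth]
        for bucket in container[name]["buckets"]:
            keys = prefix + (bucket["key"],)
            if depth + 1 == len(group_fields):       # innermost: emit one row
                rows.append(keys + (bucket["doc_count"],))
            else:
                walk(bucket, depth + 1, keys)

    for day in response["aggregations"]["date"]["buckets"]:
        walk(day, 0, (day["key_as_string"][:10],))  # YYYY-MM-DD of the bucket
    return rows


def sql_group_by(docs, group_fields):
    """Reference computed locally: SELECT day, fields..., COUNT(*) GROUP BY ..."""
    counts = Counter(
        (d["first_occurance"][:10],) + tuple(d[f] for f in group_fields) for d in docs
    )
    return sorted(key + (n,) for key, n in counts.items())


# Constructed log records (hypothetical data, all on the same day).
SAMPLE_DOCS = [
    {"first_occurance": "2015-03-01T01:00:00Z", "dst": "10.0.0.5", "dst_name": "dbserver", "dst_port": 3306},
    {"first_occurance": "2015-03-01T02:00:00Z", "dst": "10.0.0.5", "dst_name": "dbserver", "dst_port": 3306},
    {"first_occurance": "2015-03-01T03:00:00Z", "dst": "10.0.0.5", "dst_name": "dbserver", "dst_port": 22},
    {"first_occurance": "2015-03-01T04:00:00Z", "dst": "10.0.0.9", "dst_name": "web01", "dst_port": 443},
    {"first_occurance": "2015-03-01T05:00:00Z", "dst": "10.0.0.9", "dst_name": "web01", "dst_port": 443},
]

# Constructed response in the shape Elasticsearch returns for the nested
# aggregations above when run over SAMPLE_DOCS.
SAMPLE_RESPONSE = {
    "aggregations": {"date": {"buckets": [
        {"key_as_string": "2015-03-01T00:00:00.000Z", "key": 1425168000000, "doc_count": 5,
         "dst": {"buckets": [
             {"key": "10.0.0.5", "doc_count": 3,
              "dst_name": {"buckets": [
                  {"key": "dbserver", "doc_count": 3,
                   "dst_port": {"buckets": [
                       {"key": 3306, "doc_count": 2},
                       {"key": 22, "doc_count": 1}]}}]}},
             {"key": "10.0.0.9", "doc_count": 2,
              "dst_name": {"buckets": [
                  {"key": "web01", "doc_count": 2,
                   "dst_port": {"buckets": [{"key": 443, "doc_count": 2}]}}]}}]}}]}}
}


if __name__ == "__main__":
    print(json.dumps(build_group_by_request(GROUP_FIELDS), indent=2))
    for row in sorted(flatten_buckets(SAMPLE_RESPONSE, GROUP_FIELDS)):
        print(row)
```

The body from build_group_by_request is what you would POST to /index/_search. In the Java API the same nesting is expressed by calling .subAggregation(...) on each builder (the date histogram gets the dst terms builder, which gets dst_name, which gets dst_port) rather than by separate addAggregation calls, which produce independent top-level aggregations. Keep in mind that terms size is a per-bucket limit at every level, so a low size silently truncates high-cardinality combinations such as destination ports.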