Hi everyone !
I'm currently working on a query and want to count the numbers of hits returned.
Given the following query :
GET /index*/_search
{
"aggs": {
"ip": {
"terms": {
"field": "ClientIP.ip",
"min_doc_count": 10000,
"size": 1000
}
}
}
}
I get the following result :
"aggregations" : {
"ip" : {
"doc_count_error_upper_bound" : 363,
"sum_other_doc_count" : 1888503,
"buckets" : [
{
"key" : "XXX.YYY.ZZZ.AA",
"doc_count" : 20408
},
{
"key" : "BB.UUU.FFF.AA",
"doc_count" : 15619
},
{
"key" : "ZZ.EEE.HH.FOO",
"doc_count" : 12009
},
{
...
...
...
I want to get the size of the array "buckets" aka counting the number of hits and have yet to succeed.
Adding a cardinality aggregation the following way doesn't give the wanted result
GET /index*/_search
{
"aggs": {
"ip": {
"terms": {
"field": "ClientIP.ip",
"min_doc_count": 10000,
"size": 1000
},
"aggs": {
"test": {
"cardinality": {
"field": "ClientIP.ip"
}
}
}
}
}
}
As i get :
"aggregations" : {
"ip" : {
"doc_count_error_upper_bound" : 363,
"sum_other_doc_count" : XXXXXX,
"buckets" : [
{
"key" : "XXX.YYY.ZZZ.AA",
"doc_count" : 20408,
"test" : {
"value" : 1
}
},
{
"key" : "BB.UUU.FFF.AA",
"doc_count" : 15619,
"test" : {
"value" : 1
}
},
I saw on a similar topic some options about _count or buckets_path but i can't use them with a terms aggregation :
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-pipeline.html#_special_paths
I'm looking for a hand here,
Thanks in advance,
Ian