I am using packetbeat along with elasticsearch and i need to be able to paginate source.mac sorted according to bandwidth("source.stats.net_bytes_total" + "dest.stats.net_bytes_total").
-Partition won't work because it only sorts within the given partition.
-Collapse aggregation doesn't work because I need to have a scripted sort, which didn't give desired results.
-Composite Aggregation failed because it only sorts the bucket key. I tried to make bandwidth as my bucket key but painless script only returns string values and not numbers, which ends up in string sort.
Is there any other way? or should i just query all aggregation buckets and do pagination in my own code?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.