Hello,
I am performing an aggregation of NetFlow records. My first aggregation is to collect all documents within a "100ms" interval. Now I want to do an aggregation on a particular field in this interval, say the protocol used during this interval. So, how could I structure a query so that I can get the total number of docs in each interval along with the count of docs having the particular protocol?