Prepare the aggregation query according to the first occurence of the events

I have the the data of the access logs of the users in opensearch index, this data track the information of the users like at what time users access the door and got the arrival, but one user can swipe multiple time in a day so more than one entry of the user will be there.

My problem statement is : I want to find the count of the user hour wise but it should only consider the first arrival of the user, if suppose user u1 has accessed at 11 AM and then u1 again accessed at 2 PM, then I only want the count of that user at 11 AM only not at 2 PM, if I do the normal grouping aggregation by users and hour then I will get the count of that user at 11 AM and then 2 PM again which is wrong, so find the count as per the first arrival of the user and if that user is again coming then do not consider the count.

For the sake of simplicity consider I have three fields, user_name, time_of_access, location, write the opensearch query as per this

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance. See What is OpenSearch and the OpenSearch Dashboard? | Elastic for more details.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

Opensearch is as the bot says not supported here so I would recommend you reach out the the Opensearch community.

You may also want to have a look at this old post for a discussion on what seems to be a very similar problem.