Query latest records in each group

PremShankar_Kumar · April 21, 2017, 10:26pm

I want to query only latest record for each field(c here) for records matching both criteria( A & B). But query below returns multiple results for each c instead of 1.

Mapping: timestamp -> date
e.g.
"timestamp":"2017-04-16T21:26:16"

{
	"query": {
		"bool": {
			"must": [
				{
					"match_phrase": {
						"A": "false"
					}
				},
				{
					"match_phrase": {
						"B": "B1"
					}
				}
			]
		}
	},
	"aggs": {
		"c_agg": {
			"terms": {
				"field": "c",
				"size": 1,
				"order": {
					"max_timestamp": "desc"
				}
			},
			"aggs": {
				"max_timestamp": {
					"max": {
						"field": "timestamp"
					}
				}
			}
		}
	}
}

What am I missing here?

warkolm · April 24, 2017, 8:19am

When you run the query in KB, can you copy the actual request that is made and post it?

PremShankar_Kumar · April 24, 2017, 5:15pm

I am using elasticdump.

elasticdump --limit=100000 --output=instrumentation-2017-w17.json --input="https://.../instrumentation-2017-w17" --searchBody='{"query":{"bool":{"must":[{"match_phrase":{"A":"false"}},{"match_phrase":{"B":"B1"}}]}},"aggs":{"c_agg":{"terms":{"field":"c","size":1,"order":{"max_timestamp":"desc"}},"aggs":{"max_timestamp":{"max":{"field":"timestamp"}}}}}}'

system · May 22, 2017, 5:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.