Hi all,
I am trying to count the tags by using a term facet on the following kind of
document - a kind of tag, but one tag can appear several times instead of
once:
My doc looks like:
{
event_name: "Log_in",
event_count: ["failed","successful", "failed"]
}
With this facet
{
"facets": {
"facet_1": {
"terms": {
"field": "event_count"
}
}
}
}
I only have the result:
"terms": [
{
"term": "failed",
"count": 1
},
{
"term": "successful",
"count": 1
}
]
What I want is for the facet count for the term "failed" to be 2, according to
the document.
Is it possible? Please guide me how.
Thanks.
Hai
The 'count' in the facet response represents the number of documents that have
a specific term and not the number of times a term is used. The 'failed'
count of 1 is expected. You should index each failed or successful login
attempt as a separate document (I guess you have more metadata per login
attempt):
{
event_name: "Log_in",
event_count: "failed"
}
{
event_name: "Log_in",
event_count: "successful"
}
{
event_name: "Log_in",
event_count: "failed"
}
Dear Martin,
Thanks for your response,
That was what I thought before, however I just want to record the number of
specific events in a periodic manner (say, 1 minute per record), and
don't want to use too many documents that may consume more disk space.
I also tried a nested type:
{
event_name: "Log_in",
event_count:
{
"failed": 2,
"successful": 1
}
}
But I don't know which kind of query/facet should be used?
Thanks.
On Thursday, September 26, 2013 12:46:19 AM UTC+7, Martijn v Groningen
wrote:
Hi Hai,
The 'count' in the facet response represents the number of documents that
have a specific term and not the number of times a term is used. The
'failed' count of 1 is expected. You should index each failed or successful
login attempt as separate documents (I guess you have more metadata per
login attempt):
{
event_name: "Log_in",
event_count: "failed"
}
{
event_name: "Log_in",
event_count: "successful"
}
{
event_name: "Log_in",
event_count: "failed"
}
On 25 September 2013 18:15, Hải Nguyễn Trung <hain...@gmail.com> wrote:
Hi all,
I am trying to count the tags by using a term facet on the following kind of
document - a kind of tag, but one tag can appear several times instead of
once:
My doc looks like:
{
event_name: "Log_in",
event_count: ["failed","successful", "failed"]
}
With this facet
{
"facets": {
"facet_1": {
"terms": {
"field": "event_count"
}
}
}
}
I only have the result:
"terms": [
{
"term": "failed",
"count": 1
},
{
"term": "successful",
"count": 1
}
]
What I want is for the facet count for the term "failed" to be 2, according
to the document.
Is it possible? Please guide me how.
Thanks.
Hai
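Added example, not part of the thread and not Elasticsearch code: a small Python model of the document-count semantics described in the reply above, run over the three document shapes discussed (array field, one document per event, per-minute counters). The second per-minute document and all function names are constructed for illustration; summing a numeric field is what Elasticsearch's statistical facet reports as `total`.

```python
from collections import Counter, defaultdict

# Constructed sample documents mirroring the modelling choices in the thread.
ARRAY_DOC = [{"event_name": "Log_in",
              "event_count": ["failed", "successful", "failed"]}]
PER_EVENT_DOCS = [
    {"event_name": "Log_in", "event_count": "failed"},
    {"event_name": "Log_in", "event_count": "successful"},
    {"event_name": "Log_in", "event_count": "failed"},
]
# One counter document per minute (second document is constructed).
PER_MINUTE_DOCS = [
    {"event_name": "Log_in", "event_count": {"failed": 2, "successful": 1}},
    {"event_name": "Log_in", "event_count": {"failed": 5, "successful": 0}},
]


def build_postings(docs, field):
    """Inverted index: term -> {doc_id: occurrences of the term in that doc}."""
    postings = defaultdict(Counter)
    for doc_id, doc in enumerate(docs):
        values = doc[field]
        if isinstance(values, str):
            values = [values]
        for term in values:
            postings[term][doc_id] += 1
    return postings


def terms_facet(docs, field):
    """Document-count semantics: how many documents contain each term."""
    return {t: len(p) for t, p in build_postings(docs, field).items()}


def occurrences(docs, field):
    """Occurrence count per term, which the terms facet does not report."""
    return {t: sum(p.values()) for t, p in build_postings(docs, field).items()}


def counter_total(docs, field, key):
    """Sum of a numeric sub-field over all documents (per-minute counters)."""
    return sum(doc[field].get(key, 0) for doc in docs)


if __name__ == "__main__":
    print(terms_facet(ARRAY_DOC, "event_count"))
    print(occurrences(ARRAY_DOC, "event_count"))
    print(terms_facet(PER_EVENT_DOCS, "event_count"))
    print(counter_total(PER_MINUTE_DOCS, "event_count", "failed"))
```

The array document yields a facet count of 1 for "failed" even though the term occurs twice; only the per-event and per-minute-counter shapes recover the number of failed logins.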
On 2013/09/26, at 8:10, Hải Nguyễn Trung <hain...@gmail.com> wrote:
Dear Martin,
Thanks for your response,
That was what I thought before, however I just want to record the number
of specific events in a periodic manner (say, 1 minute per record), and
don't want to use too many documents that may consume more disk space.
I also tried a nested type:
{
event_name: "Log_in",
event_count:
{
"failed": 2,
"successful": 1
}
}
But I don't know which kind of query/facet should be used?
Thanks.