I could have sworn there was a way to do this, but basically I'm trying to apply a from and to range on a sum from another agg.
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "gte": "2018-06-01T00:00:00Z",
              "lte": "2018-06-30T23:59:59Z"
            }
          }
        },
        {
          "term": {
            "group_id": 883
          }
        }
      ],
      "must_not": [
        {
          "term": {
            "type": "daily_usage"
          }
        }
      ]
    }
  },
  "aggs": {
    "users": {
      "composite": {
        "size": 5000,
        "sources": [
          {
            "account_id": {
              "terms": {
                "field": "account_id",
                "order": "asc"
              }
            }
          }
        ]
      },
      "aggs": {
        "bw_sum": {
          "sum": {
            "field": "bandwidth"
          }
        }
      }
    }
  }
}
That is the original query. What I'd like to do is add a range to only return results where the bw_sum is between 0 and 2000000000. We currently do it with a script, but on millions of docs it's taking an obviously long time.
Is there a way to only return results via post search filter using a bucket agg result or even return the count within the bucket if the sum is within range?