REST API to fetch values based on Terms aggregation

Hi All,

I have a requirement to fetch data from Elasticsearch based on terms aggregation. I need to build a request using a terms aggregation where I group by a particular field name and then fetch the other fields corresponding to that particular field value.

For example, I have the following fields:
Hostname, hostip, hostinglocation, applicationinfo, portsopened.
Now first I need to group by Hostname and then fetch the corresponding values of hostip, hostinglocation, applicationinfo and portsopened for that particular hostname.
Again, for the next hostname, I need the next set of information.
So the request should be something like below:

{
  "aggs": {
    "agg1": {
      "terms": {
        "field": "field1"
      },
      "aggs": {
        "agg2": {
          "terms": {
            "field": "field2"
          },
          "aggs": {
            "agg3": {
              "terms": {
                "field": "field3"
              }
            }
          }
        }
      }
    }
  }
}

@Venkat_Raj

For a given hostname let's say there are 1000 documents, do you want to see all 1000? Generally you group on a field and get aggregate (count, avg) on other fields.

These 1000 documents may contain multiple documents for a given let's say hostip. Do you want to group on hostip under each hostname?
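An added example (not code from this thread or from Elasticsearch itself) that builds the nested terms request shown in the question for the hostname fields and then flattens the bucket tree of a response into one row per hostname/hostip/location, which is the "group hostip under each hostname" shape suggested in the reply. The sample response is constructed; the per-level `size` and the top-level `"size": 0` (return aggregations only, no hits) are assumptions.

```python
import json

# Field names from the question; the first one is the outermost grouping.
FIELDS = ["hostname", "hostip", "hostinglocation", "applicationinfo", "portsopened"]


def build_nested_terms_aggs(fields, size=10):
    """Nest one terms aggregation per field (agg1 outermost, like the question).
    Built innermost-first so each level wraps the one below it."""
    node = None
    for depth in range(len(fields) - 1, -1, -1):
        agg = {"terms": {"field": fields[depth], "size": size}}
        if node is not None:
            agg["aggs"] = node
        node = {f"agg{depth + 1}": agg}
    # "size": 0 is an assumed setting: skip hits, return only aggregations.
    return {"size": 0, "aggs": node}


def flatten_buckets(aggregations, fields, prefix=None):
    """Walk the response bucket tree (sub-aggregation results live inside each
    bucket under their agg name) and return one row per leaf bucket."""
    prefix = prefix or {}
    depth = len(prefix)           # one key added per level, so depth == len(prefix)
    rows = []
    for bucket in aggregations.get(f"agg{depth + 1}", {}).get("buckets", []):
        row = dict(prefix, **{fields[depth]: bucket["key"]})
        if depth + 1 < len(fields) and f"agg{depth + 2}" in bucket:
            rows.extend(flatten_buckets(bucket, fields, row))
        else:
            row["doc_count"] = bucket["doc_count"]
            rows.append(row)
    return rows


# Constructed sample response for the first three fields (not real data).
SAMPLE_RESPONSE = {"aggregations": {"agg1": {"buckets": [
    {"key": "web01", "doc_count": 3, "agg2": {"buckets": [
        {"key": "10.0.0.5", "doc_count": 3, "agg3": {"buckets": [
            {"key": "us-east", "doc_count": 3}]}}]}},
    {"key": "db01", "doc_count": 2, "agg2": {"buckets": [
        {"key": "10.0.0.9", "doc_count": 2, "agg3": {"buckets": [
            {"key": "eu-west", "doc_count": 2}]}}]}},
]}}}

if __name__ == "__main__":
    print(json.dumps(build_nested_terms_aggs(FIELDS[:3]), indent=2))
    for row in flatten_buckets(SAMPLE_RESPONSE["aggregations"], FIELDS[:3]):
        print(row)
```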

Hi @Vinayak_Sapre

I have used the aggregation function to group the values I would need to get from the given set of records, and it worked.
Thanks.
