Hi All,
I have used the below query to get the scripted metric data. but the data is displaying in different shards. Is it possible to get the data in single Array insted of multiple arrays.
Query: GET act*/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"starttime": {
"gte": "2019-07-14 23:00:00.000",
"lte": "2019-07-15 22:59:59.000"
}
}
}
],
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"trunkgroupname": "100078012_testingPPIsite/PPIheadertrunk"
}
}
]
}
}
]
}
},
"sort": [
{ "starttime": { "order": "desc" }}
],
"size": 0,
"aggs": {
"max_outgoing": {
"scripted_metric": {
"init_script" : "state.transactions = ; state.endtrans=",
"map_script" : "if(doc['direction'] !=0 && doc['direction'].value == 'Originating') {state.transactions.add(doc['starttime'].value.hour6060+doc['starttime'].value.minute60+doc['starttime'].value.second);state.endtrans.add(doc['releasetime'].value.hour6060+doc['releasetime'].value.minute60+doc['releasetime'].value.second);}",
"combine_script" : "return state.transactions",
"reduce_script" : " return states"
}
}
}
}
Result:
{
"took" : 157,
"timed_out" : false,
"_shards" : {
"total" : 3,
"successful" : 3,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 31,
"relation" : "eq"
},
"max_score" : null,
"hits" :
},
"aggregations" : {
"max_outgoing" : {
"value" : [
[
36715,
39328,
53360,
37958,
36715,
37958,
53360,
36715,
39328,
53360
],
[
38148,
36715,
38148,
39328,
53360,
38148,
39328,
37958,
38148
],
[
37958,
53360,
37958,
36715,
38148,
39328
]
]
}
}
}