I am actually doing a query with an aggregation that returns a list from which I need to re-search.
So, I get the aggregated data and then do a search on this aggregated data. That means 2 requests to Elasticsearch.
Is it possible to solve it with only one request?
Like a pipeline that does: query -> Aggregates -> query aggregated data
Thanks in advance
A pipeline aggregation might work for you.
Thanks @aaron-nimocks for the fast response. I have been trying to use it but could not figure out how to.
For example:
I do this request:
{
  "query": {
    "bool": {
      "filter": [
        {
          "bool": {
            "must": [
              {
                "range": {
                  "absolute_time": {
                    "gte": "2021-01-23 13:15:40"
                  }
                }
              },
              {
                "range": {
                  "absolute_time": {
                    "lte": "2021-01-23 13:17:00"
                  }
                }
              }
            ]
          }
        }
      ]
    }
  },
  "aggs": {
    "hashes": {
      "terms": {
        "field": "hash",
        "size": 10
      }
    }
  },
  "size": 0
}
Notice that this search is limited to a time region.
From the request response I get the following in the aggregation bucket:
{'hashes': {'doc_count_error_upper_bound': 2,
            'sum_other_doc_count': 2590,
            'buckets': [{'key': '8232', 'doc_count': 5},
                        {'key': '12264', 'doc_count': 3},
                        {'key': '102334', 'doc_count': 2},
                        {'key': '103777', 'doc_count': 2},
                        {'key': '105019', 'doc_count': 2},
                        {'key': '122634', 'doc_count': 2},
                        {'key': '126972', 'doc_count': 2},
                        {'key': '135199', 'doc_count': 2},
                        {'key': '135902', 'doc_count': 2},
                        {'key': '136087', 'doc_count': 2}]}}
Now I want to do a new search in the same index for all the keys in the aggregation (but now with no time range). It might look something like this:
{'query': {'bool': {'filter': [{'terms': {'hash': [
    '8232',
    '12264',
    '102334',
    '103777',
    '105019',
    '122634',
    '126972',
    '135199',
    '135902',
    '136087',
]}}]}}}
So, any clues on which aggregation pipeline I should use and how?
Thanks in advance
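The two-request flow described in the question, as an added example that is not part of the original posts: it builds the time-windowed aggregation request, then derives the unbounded `terms` query from the returned buckets and reports when the bucket list was truncated. The names `window_query`, `followup_query` and `SAMPLE_AGGS` are hypothetical, the sample response is constructed, and the 65536 limit assumes the default `index.max_terms_count`.

```python
# Added example: builds the two request bodies; it does not contact a cluster.
# Constructed sample shaped like the aggregation response quoted in the thread.
SAMPLE_AGGS = {
    "hashes": {
        "doc_count_error_upper_bound": 2,
        "sum_other_doc_count": 2590,
        "buckets": [
            {"key": "8232", "doc_count": 5},
            {"key": "12264", "doc_count": 3},
            {"key": "102334", "doc_count": 2},
        ],
    }
}


def window_query(start, end, field="hash", size=10):
    """Request 1: top `size` values of `field` inside the time window."""
    return {
        # One range clause with both bounds matches the same documents as
        # the two separate range clauses in the original request.
        "query": {"bool": {"filter": [
            {"range": {"absolute_time": {"gte": start, "lte": end}}}
        ]}},
        "aggs": {"hashes": {"terms": {"field": field, "size": size}}},
        "size": 0,
    }


def followup_query(aggs, agg_name="hashes", field="hash", max_terms=65536):
    """Request 2: documents from any time whose `field` is a bucket key.

    Returns (body, truncated). `truncated` is True when the window held more
    distinct values than the terms aggregation returned, so the follow-up
    covers only the top buckets. `max_terms` assumes the default value of
    the index.max_terms_count setting.
    """
    agg = aggs[agg_name]
    keys = [bucket["key"] for bucket in agg["buckets"]]
    if not keys:
        return None, False  # nothing matched in the window; skip request 2
    if len(keys) > max_terms:
        raise ValueError(f"{len(keys)} terms exceeds limit of {max_terms}")
    truncated = agg.get("sum_other_doc_count", 0) > 0
    body = {"query": {"bool": {"filter": [{"terms": {field: keys}}]}}}
    return body, truncated
```

With the response quoted in the thread, `truncated` comes back true because `sum_other_doc_count` is 2590: the ten buckets are only the most frequent hashes in the window, not all of them.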