You might be able to make something work with the data table visualization.
Use the filters aggregation as your first bucket, create a filter for each term you're searching for, and use the terms aggregation on your filename field as a sub-bucket. The terms aggregation returns the top n values for the field you specify, so if the expected number of field names is low, you could just set the size parameter to whatever you think would be the max cardinality.
You'll end up with something that looks like this (with different field names, of course):
You get a row for each term/filename combination, but that's just how the data table works. Depending on what your data looks like, you might be able to get away with using the Top Hit metric instead of a terms agg sub bucket to concatenate the field names from some top-n results.
If I understood you correctly, a filter for each search term has to be created individually. This is OK when you know beforehand what the search terms are going to be (like response code in your example).
In my case, the search terms are not known previously and also the number of terms may be quite large, 10-15 at least. So creating individual filters every time is not practical. I would like to save a visualization which can run on whatever search query I run.
Is there a way to aggregate search terms on the basis of if they have returned a hit or not?
Even something like:
term1 - yes
term2 - yes
term3 - no
.
.
.
termN - no
@Ramon_Zaro sorry if I'm misunderstanding, but it sounds like you just need a terms agg with min_doc_count set to 0. This will return terms even if they have 0 matches for the current query.
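For the case where the list of search terms changes on every run, the filters aggregation with a terms sub-bucket described in the first reply can be generated from the term list instead of built by hand. The following is an added example, not code from any poster in this thread; the `message` text field, the `per_term` and `files` aggregation names, and the sample response are assumptions constructed for illustration.

```python
import json

def build_request(search_terms, text_field="message", file_field="filename", size=20):
    """Build a search body with one named filter per search term (field names assumed)."""
    filters = {t: {"match_phrase": {text_field: t}} for t in search_terms}
    return {
        "size": 0,  # only the aggregation buckets are needed, not the hits
        "aggs": {
            "per_term": {
                "filters": {"filters": filters},
                # sub-bucket: top `size` filenames among the documents matching each term
                "aggs": {"files": {"terms": {"field": file_field, "size": size}}},
            }
        },
    }

def summarize(response):
    """Map each search term to whether it matched and the filenames it matched in."""
    buckets = response["aggregations"]["per_term"]["buckets"]
    return {
        term: {
            "hit": bucket["doc_count"] > 0,
            "files": [f["key"] for f in bucket["files"]["buckets"]],
        }
        for term, bucket in buckets.items()
    }

# Constructed sample of the response shape for named filters (not real data).
SAMPLE_RESPONSE = {
    "aggregations": {"per_term": {"buckets": {
        "term1": {"doc_count": 7, "files": {"buckets": [
            {"key": "app.log", "doc_count": 5}, {"key": "auth.log", "doc_count": 2}]}},
        "term2": {"doc_count": 1, "files": {"buckets": [
            {"key": "auth.log", "doc_count": 1}]}},
        "term3": {"doc_count": 0, "files": {"buckets": []}},
    }}}
}

if __name__ == "__main__":
    print(json.dumps(build_request(["term1", "term2", "term3"]), indent=2))
    for term, info in summarize(SAMPLE_RESPONSE).items():
        status = "yes" if info["hit"] else "no"
        print(f"{term} - {status} {info['files']}")
```

A named filter always comes back as a bucket, so terms with no matches appear with a `doc_count` of 0 rather than being dropped.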