Showing in "total" only one per transactionId

tomer · October 3, 2017, 7:44am

Hi,

I am trying to ask how many transactions have a delay greater than 3. The problem is that in one transaction there are more than one log with a the same delay value. Therefore for an example if there is only one transaction and it has a delay of 4 it might have 2 logs of that contains delay = 3. How can I get that the query will give in the value of total 1 and not 2.

Here is my query:

{
    "size": 100,
   "query": {
    
   "bool":{ 

      "must": [
        { "range": 
          { 
            "delay": 
              {
                "gte": 3
              } 
          }
        }
      ]
   }
  },
  "aggs": {
        "group": {
            "terms": {
                "field": "transactionId"
            }
		}
   }
}

PS
the field that unites all logs of a transactionId is called "transactionId"

Christian_Dahlqvist · October 3, 2017, 7:57am

Have you tried using a cardinality aggregation on the transactionId?

tomer · October 3, 2017, 8:03am

Hi,

Thanks for the fast reply!

Yes, here is an example:

This should've returned me only one, no?

Christian_Dahlqvist · October 3, 2017, 8:05am

No, documents returned will depend on what matches the query. The result from the cardinality aggregation should show 1.

tomer · October 3, 2017, 8:24am

Yes I looked in the wrong place thanks

system · October 31, 2017, 8:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to get only one log per transaction that fits a match Elasticsearch	4	620	October 26, 2017
How to get transaction id the greatest value elastic Elasticsearch	2	559	October 24, 2017
Aggregating transaction data for payments Elasticsearch	5	555	October 11, 2021
Cardinality aggregation with set up time range Elasticsearch	5	609	August 30, 2019
Mathematical operations on individual bucket elemenst Elasticsearch	8	1888	March 10, 2017

Showing in "total" only one per transactionId

Related topics