Showing in "total" only one per transactionId

tomer · October 3, 2017, 7:44am

Hi,

I am trying to ask how many transactions have a delay greater than 3. The problem is that in one transaction there are more than one log with a the same delay value. Therefore for an example if there is only one transaction and it has a delay of 4 it might have 2 logs of that contains delay = 3. How can I get that the query will give in the value of total 1 and not 2.

Here is my query:

{
    "size": 100,
   "query": {
    
   "bool":{ 

      "must": [
        { "range": 
          { 
            "delay": 
              {
                "gte": 3
              } 
          }
        }
      ]
   }
  },
  "aggs": {
        "group": {
            "terms": {
                "field": "transactionId"
            }
		}
   }
}

PS
the field that unites all logs of a transactionId is called "transactionId"

Christian_Dahlqvist · October 3, 2017, 7:57am

Have you tried using a cardinality aggregation on the transactionId?

tomer · October 3, 2017, 8:03am

Hi,

Thanks for the fast reply!

Yes, here is an example:

This should've returned me only one, no?

Christian_Dahlqvist · October 3, 2017, 8:05am

No, documents returned will depend on what matches the query. The result from the cardinality aggregation should show 1.

tomer · October 3, 2017, 8:24am

Yes I looked in the wrong place thanks

system · October 31, 2017, 8:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.