Hey,
Context
I am currently struggling to create a proper query for the following use case.
Let's say I wanted to create a group-by aggregation for e.g. term app:.*, I would do the following:
"terms": {
  "field": "tags",
  "include": "app:.*",
  "size": 300000
}
This would give me all buckets which match the regex.
Why
I have some high cardinality fields + nested terms aggregations which can trip the circuit breaker.
Questions
I have the following questions:
How can I combine the above with partitioning? AFAICT it is not possible to filter what kind of buckets we will create, and therefore a bucket is created for every tag. Is there a way to filter it like above?
Something like this?
"terms": {
  "field": "tags",
  "include_regexp": "app:.*",
  "include": {"partition": 0, "num_partitions": 100},
  "size": 300000
}
Does ES recompute the partitions each time we query them, e.g. partition:1 and the next query partition:3, or does it somehow cache the values?
Thanks