Want to aggregate and search multiple route_path as same function

Hi,

here is my DSL,

GET access-2020.07.29/_search
{
  "query": {
    "match": {
      "route": "PIDInterface"
    }
  },
  "aggs": {
    "route_path": {
      "terms": {
        "field": "route_path.keyword",
        "size": 5
      }
    }
  }
}

and result is

     {
        "_index" : "access-2020.07.29",
        "_type" : "_doc",
        "_id" : "oX5gmXMBAnGKjYXAHIdC",
        "_score" : 1.1738663,
        "_source" : {
          "route" : "PIDInterface",
          "route_path" : "hex/user/3817606/lobby/domain",
          "request_method" : "GET",
          "@timestamp" : "2020-07-29T15:00:13.000000000+08:00"
        }
      },
      {
        "_index" : "access-2020.07.29",
        "_type" : "_doc",
        "_id" : "pH5gmXMBAnGKjYXAHIdC",
        "_score" : 1.1738663,
        "_source" : {
          "route" : "PIDInterface",
          "route_path" : "hex/user/3817609/lobby/domain",
          "request_method" : "GET",
          "@timestamp" : "2020-07-29T15:00:13.000000000+08:00"
        }
      },
      {
        "_index" : "access-2020.07.29",
        "_type" : "_doc",
        "_id" : "pX5gmXMBAnGKjYXAHIdC",
        "_score" : 1.1738663,
        "_source" : {
          "route" : "PIDInterface",
          "route_path" : "hex/user/3817600/lobby/domain",
          "request_method" : "GET",
          "@timestamp" : "2020-07-29T15:00:13.000000000+08:00"
        }
      },
      {
        "_index" : "access-2020.07.29",
        "_type" : "_doc",
        "_id" : "sH5gmXMBAnGKjYXAHIdC",
        "_score" : 1.1738663,
        "_source" : {
          "route" : "PIDInterface",
          "route_path" : "hex/user/217/lobby/domain",
          "request_method" : "GET",
          "@timestamp" : "2020-07-29T15:00:14.000000000+08:00"
        }
      },
      {
        "_index" : "access-2020.07.29",
        "_type" : "_doc",
        "_id" : "x35gmXMBAnGKjYXAHIdC",
        "_score" : 1.1738663,
        "_source" : {
          "route" : "PIDInterface",
          "route_path" : "hex/user/3817621/lobby/domain",
          "request_method" : "GET",
          "@timestamp" : "2020-07-29T15:00:15.000000000+08:00"
        }
      }
~~~
~~~
  "aggregations" : {
    "route_path" : {
      "doc_count_error_upper_bound" : 452,
      "sum_other_doc_count" : 207736,
      "buckets" : [
        {
          "key" : "hex/user/3820157/lobby/domain",
          "doc_count" : 295
        },
        {
          "key" : "hex/user/3515303/lobby/domain",
          "doc_count" : 291
        },
        {
          "key" : "hex/user/3818401/lobby/domain",
          "doc_count" : 290
        },
        {
          "key" : "hex/user/3819824/lobby/domain",
          "doc_count" : 290
        },
        {
          "key" : "hex/user/235/lobby/domain",
          "doc_count" : 289
        },

The field route_path is same function

I want to search it like

"route_path" : "hex/user/*/lobby/domain"

and aggregate result

How should I do in DSL syntax

thank you

I've try custom analysis, and DSL is

PUT 
{
  "settings": {
    "analysis": {
      "analyzer": {
        "query_analyzer": {
          "type": "custom",
          "tokenizer": "split_query",
          "filter": [
            "top1"
          ]
        }
      },
      "filter": {
        "top1": {
          "type": "limit",
          "max_token_count": 1
        }
      },
      "tokenizer": {
        "split_query": {
          "type": "pattern",
          "pattern": "\\?"
        }
      }
    }
  }
}


GET   
{
  "query": {
    "bool": {
      "must": [
        {
          "wildcard": {
            "route_path.keyword": "/hex/user/*"
          }
        }
      ]
    }
  },
  "from": 0,
  "size": 0,
  "aggs" : {
        "genres" : {
            "terms" : { "field" : "path.no_query" }
        }
    }
}

But it can't get what i need.

what should i fix my DSL syntax.

or is there a better way to do it ?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.