My DSL is
{
"size": 10,
"query":{
"bool": {
"should": [
{"match_phrase_prefix": {"status" : "3"} },
{"match_phrase_prefix": {"status" : "4"} }
]
}
},
"aggs": {
"host": {
"terms": {
"field": "status.keyword",
"size": 10
}
}
}
}
get http status 4xx and 3xx
"aggregations" : {
"host" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "304",
"doc_count" : 173161
},
{
"key" : "403",
"doc_count" : 28004
},
{
"key" : "404",
"doc_count" : 6682
},
{
"key" : "302",
"doc_count" : 6356
},
{
"key" : "499",
"doc_count" : 4760
},
{
"key" : "400",
"doc_count" : 16
},
{
"key" : "301",
"doc_count" : 3
},
{
"key" : "408",
"doc_count" : 1
}
]
}
}
}
And an other regexp DSL to query all *.php value
{
"size": 10,
"query":{
"regexp": {
"request":{
"value": ".*php",
"flags": "ALL"
}
}
},
"aggs": {
"host": {
"terms": {
"field": "request.keyword",
"size": 10
}
}
}
}
result is
"aggregations" : {
"host" : {
"doc_count_error_upper_bound" : 724,
"sum_other_doc_count" : 291350,
"buckets" : [
{
"key" : "GET /web_system_check.php HTTP/1.0",
"doc_count" : 382717
},
{
"key" : "HEAD /activity_link.php HTTP/1.1",
"doc_count" : 133765
},
{
"key" : "GET /six/forward_game.php?game_id=19001&lang=zh-cn&html5=1 HTTP/1.1",
"doc_count" : 22236
},
{
"key" : "GET /six/forward_game.php?game_id=19001&lang=zh-cn HTTP/1.1",
"doc_count" : 15320
},
{
"key" : "POST /six/ebet_verify.php HTTP/1.1",
"doc_count" : 11878
},
{
"key" : "GET /six/forward_game.php?game_id=54001&lang=zh-cn HTTP/1.1",
"doc_count" : 10412
},
{
"key" : "GET /six/forward_game_onewallet.php?game_id=66005&lang=zh-cn HTTP/1.1",
"doc_count" : 10402
},
{
"key" : "GET /six/forward_game.php HTTP/1.1",
"doc_count" : 3652
},
{
"key" : "GET /six/forward_game.php?game_id=36001&lang=zh-cn&html5=1 HTTP/1.1",
"doc_count" : 3267
},
{
"key" : "POST /six/wallet.php HTTP/1.1",
"doc_count" : 3211
}
]
}
}
}
I want to combine two of DSL query.
How should i do.