elasticsearch
Andriy Stepanyuk, 2015-11-24 09:56:38

About Aggregations in Elasticsearch?

Let's say I have a log in logstash with records of when, where and at what time (timestamp) the dog was walked (name is the name of the dog). I need to get the latest dog walk entries for a list of dog names. I can't come up with a proper query; here's what I did:

GET logstash-1/dogs_walk/_search?pretty
{
  "aggs": {
    "filtered": {
      "filter": {
        "terms": {
          "name": [
            "Sharik",
            "Strelka"
          ]
        }
      },
        
      "aggs": {
        "group": {
          "terms": {
            "field": "name",
            "size": 2
          }
        }
      }
        
    }
  }
}
Can you tell me the best way to solve this problem? I am aware of https://www.elastic.co/guide/en/elasticsearch/refe... but so far I have not been able to put together the required query.


1 answer(s)
Andriy Stepanyuk, 2015-11-24
@tid0wlas

I think I've solved it: I should have used top_hits https://www.elastic.co/guide/en/elasticsearch/ref...

{
  "aggs": {
  
    "filtered": {
      "filter": {
        "terms": {
          "name": [
            "Sharik",
            "Strelka"
          ]
        }
      },    
      
      "aggs": {
        "group": {
          "terms": {
            "field": "name",
            "size": 2
          },
          
          "aggs": {
            "top_dogs_timestamp": {
              "top_hits": {
                "sort": [
                  {
                    "timestamp": {
                      "order": "desc"
                    }
                  }
                ],
                "size": 1
              }
            }
          }
          
        }
      }      
        
    }
  }
}
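
An added example (not part of the original answer) that builds the same filter / terms / top_hits body for any list of names and reads the newest walk per dog out of the response. The top-level `"size": 0`, the `place` field, the helper names and the sample response are assumptions constructed for illustration.

```python
def build_latest_walk_query(names):
    """Search body: filter to the given dogs, bucket per name, keep newest doc."""
    top_hits = {"top_hits": {"sort": [{"timestamp": {"order": "desc"}}], "size": 1}}
    group = {
        # One bucket per requested name (assumes `name` is indexed as an exact value).
        "terms": {"field": "name", "size": len(names)},
        "aggs": {"top_dogs_timestamp": top_hits},
    }
    return {
        "size": 0,  # added here: skip top-level hits, only the aggregation is read
        "aggs": {"filtered": {"filter": {"terms": {"name": names}},
                              "aggs": {"group": group}}},
    }


def latest_walks(response):
    """Return {dog name: _source of its newest walk} from the search response."""
    buckets = response["aggregations"]["filtered"]["group"]["buckets"]
    latest = {}
    for bucket in buckets:
        hits = bucket["top_dogs_timestamp"]["hits"]["hits"]
        if hits:  # a name with no documents produces no bucket at all
            latest[bucket["key"]] = hits[0]["_source"]
    return latest


def _bucket(name, doc_count, timestamp, place):
    """Constructed helper: one terms bucket in the shape Elasticsearch returns."""
    hit = {"_index": "logstash-1", "_type": "dogs_walk",
           "_source": {"name": name, "timestamp": timestamp, "place": place}}
    return {"key": name, "doc_count": doc_count,
            "top_dogs_timestamp": {"hits": {"total": doc_count, "hits": [hit]}}}


# Constructed sample response (not real data); `place` is a made-up field.
SAMPLE_RESPONSE = {"aggregations": {"filtered": {"doc_count": 5, "group": {"buckets": [
    _bucket("Sharik", 3, "2015-11-23T18:30:00Z", "park"),
    _bucket("Strelka", 2, "2015-11-24T07:15:00Z", "yard"),
]}}}}

if __name__ == "__main__":
    import json
    print(json.dumps(build_latest_walk_query(["Sharik", "Strelka"]), indent=2))
    for name, doc in latest_walks(SAMPLE_RESPONSE).items():
        print(name, doc["timestamp"], doc["place"])
```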
