Home > Software design >  Elasticsearch aggregation on multi fields
Elasticsearch aggregation on multi fields

Time:04-19

Here's an example of a document in my ES index:

{
  "src_ip": "192.168.1.1",
  "dst_ip": "192.168.1.2"
}

I want obtain the number of occurrences of ip in different documents(in field src_ip or dst_ip). What I would like to get as a result of the query is an aggregation like this:

[
  {"ip": "192.168.1.1", "count": 1"},
  {"ip": "192.168.1.2", "count": 1"}
]

Any idea about that? Thanks in advance for your help.

CodePudding user response:

You need to use term aggregation, Where you will get the group counts.

POST index_name/_search?size=0
{
  "aggs": {
    "src_ip_count": {
      "terms": {
        "field": "src_ip"
      }
    },
    "dst_ip_count": {
      "terms": {
        "field": "dst_ip"
      }
    }
  }
}

Here i am assuming that the type of src_ip and dst_ip is keyword. If it's not, You need to store all value as keyword type.

Page link:https//www.codepudding.com/Softwaredesign/376768.html

Prev:how get page start records from 23000 to 23004 in elasticsearch
Next:Supertokens - revoke another user's session without signing him off
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding