I'd like to query the elasticsearch to get the unique ip count by devices from a bucket? The bucket data are in the following format
{
"request_time": 1651545553544,
"cp_code": "1179526",
"client_ip": "190.122.XXX.189",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
"device": "Chrome",
"stream_key": "ymty1j6r",
"bytes": 1242,
"country": "DO"
}
{
"request_time": 1651545553653,
"cp_code": "1179526",
"client_ip": "190.122.XXX.189",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
"device": "Chrome",
"stream_key": "ymty1j6r",
"bytes": 2824933,
"country": "DO"
}
{
"request_time": 1651545545132,
"cp_code": "1179526",
"client_ip": "190.122.XXX.189",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36",
"device": "Chrome",
"stream_key": "ymty1j6r",
"bytes": 2821788,
"country": "DO"
}
{
"request_time": 1651545465646,
"cp_code": "1179526",
"client_ip": "89.187.XXX.161",
"user_agent": "Xtream-Codes IPTV Panel Pro",
"device": "Other",
"stream_key": "ymty1j6r",
"bytes": 2807496,
"country": "US"
}
{
"request_time": 1651545482284,
"cp_code": "1179526",
"client_ip": "89.187.XXX.161",
"user_agent": "Xtream-Codes IPTV Panel Pro",
"device": "Other",
"stream_key": "ymty1j6r",
"bytes": 2813754,
"country": "US"
}
Which aggregation method should I use to get the result in the following format directly from elasticsearch?
device|unique_ip_count
chrome|50
firefox|10
Thank you very much
CodePudding user response:
A simple terms bucket aggregation on the device field and a cardinality metric aggregation on the client_ip field:
{
"size": 0,
"aggs": {
"devices": {
"terms": {
"field": "device",
"size": 10
},
"aggs": {
"unique_ips": {
"cardinality": {
"field": "client_ip"
}
}
}
}
}
}