DanielZiv
Reputation: 107
Elasticserach filter on aggregated results (SQL HAVING)
I have an ES query that aggregates data from a monitoring tool.
Currently, I've found the number of documents in each relevant group (by "externalId").
Now, I wish to filter the results by the number of records in each group. (Similar to "HAVING" clause in SQL, doc_count > 0)
For instance, to find the "externalId" that stored more then one time.
This is my ES query:
{
"query":
{
"match" :
{
"method" : "METHOD_NAME"
}
},
"size":0,
"aggs":
{
"group_by_external_id":
{
"terms":
{
"field": "externalId"
}
}
}
}
The results looks like this:
"aggregations": {
"group_by_external_id": {
"doc_count_error_upper_bound": 5,
"sum_other_doc_count": 53056,
"buckets": [
{
"key": "6088417651626873",
"doc_count": 1
},
{
"key": "6088417688232882",
"doc_count": 1
}
Upvotes: 1
Views: 131
Answers (1)
nikoshr
Reputation: 33344
Terms aggregations have a min_doc_count option you can use. For example,
"aggs":
{
"group_by_external_id":
{
"terms":
{
"field": "externalId",
"min_doc_count": 2
}
}
}
Upvotes: 2
Related Questions
- Elastic Search (COUNT*) with group by and where condition
- filtering an elasticsearch query by aggregations
- elasticsearch query for count of distinct field value with where condition on another field
- ElasticSearch: Filter by distinct count during aggregation
- Elasticsearch filter after aggregation
- ElasticSearch aggregation counting query
- Elasticsearch filtering aggregated results where count greater than x
- Elasticsearch filter in Aggregation data
- ElasticSearch filter on aggregations without affecting aggregation counts
- Filter by count in elasticsearch