ThomasVestergaard
Reputation: 364
Elasticsearch group by
I have a elasticsearch (v. 5.2.0) index containing documents like this:
{
"_index": "test-index-2017.03.15",
"_type": "logevent",
"_id": "AVrSIU-U8za2OFJzSCwQ",
"_score": null,
"_source": {
"@timestamp": "2017-03-15T14:21:21.9636228+01:00",
"level": "Information",
"messageTemplate": "HeartbeatEntry {@Data}",
"message": "HeartbeatEntry HeartbeatEntry { ServiceName: \"Service A\", HeartbeatValue: 1 }",
"fields": {
"Data": {
"_typeTag": "HeartbeatEntry",
"ServiceName": "Service A",
"HeartbeatValue": 1
},
"MachineName": "DevServer01"
}
},
"sort": [
1489584081963
]
}
I want to get all 'ServiceName' values grouped by "MachineName". If this was in SQL world, I would do something like SELECT ServiceName, MachineName FROM test-index-2017.03.15 GROUP BY MachineName
I'm getting stuck pretty early, as I cant even get a simple aggregation working. Currently I got this:
GET /test-index-2017.03.15/_search
{
"size": 0,
"aggs" : {
"by_machinename" : {
"terms" : {
"field" : "MachineName"
}
}
}
}
Which yields zero results.
Upvotes: 0
Views: 156
Answers (2)
ThomasVestergaard
Reputation: 364
After dome digging around and with the help of paqash's comment, this did the trick:
GET /test-index-2017.03.15/_search
{
"size": 0,
"aggs" : {
"by_machinename" : {
"terms" : {
"field" : "fields.MachineName.keyword"
},
"aggs" : {
"by_servicename" : {
"terms" : {
"field" : "fields.Data.ServiceName.keyword"
}
}
}
}
}
}
Upvotes: 1
Related Questions
- Elasticsearch group-by field
- Elastic Search Group by field
- How to group by in elastic search
- How to search and group in ElasticSearch?
- Elastic Search - aggregation group by index
- GROUP BY in elasticsearch
- elasticsearch - group and filter result
- ElasticSearch aggregation - filter and group by
- simple group by in elastic search
- Elastic Search Grouped Queries