user2822012
Reputation: 5
Aggregation using elastic search
I have my search query for fetch latest 5000 documents from my elastic DB as below
{
"size": 5000,
"from": 0,
"query": {
"range" : {
"hostTimestamp" : {
"gte" : 1499674634382,
"lte" : 1499680034000
}
}
},
"sort": [
{
"hostTimestamp": {
"order": "desc"
}
}
]
}
Now in the documents that are fetched as result of this query I want to count no of documents with eventSeverity as Alert or Critical. How can this be achieved?
Upvotes: 0
Views: 102
Answers (1)
Val
Reputation: 217254
You can achieve that with a terms aggregation on the eventSeverity field:
{
"size": 5000,
"from": 0,
"query": {
"range" : {
"hostTimestamp" : {
"gte" : 1499674634382,
"lte" : 1499680034000
}
}
},
"sort": [
{
"hostTimestamp": {
"order": "desc"
}
}
],
"aggs": { <--- add this part
"severities": {
"terms": {
"field": "eventSeverity"
}
}
}
}
Upvotes: 1
Related Questions
- Aggregation on query in Elasticsearch
- ElasticSearch: Aggregations
- ElasticSearch: aggregation filtering
- Multiple aggregations in Elasticsearch
- Elasticsearch aggregation
- Aggregations elasticsearch 5
- How to use aggregations with Elastic Search
- Aggregations in Elasticsearch
- Combining aggregations in Elastic Search
- Elastic search Multiple Aggregation