Saifullah khan
Reputation: 778
How to achive this sql query result in Elastic Search
I have a error index containing all the errors logged by the php application. Now I want a DSL query whitch returns the distinct errors by message and also the count.
Similar to mysql query:
SELECT *, COUNT(*) AS total FROM errorsGROUP BYmessage;
Mapping for my index:
"mappings": {
"errors": {
"properties": {
"message": {
"type": "keyword"
},
"trace": {
"type": "keyword"
},
"file": {
"type": "keyword"
}
}
}
}
Expected result:
Message | File | Count
Undefined variable $param at line 20 in index.php | project/index.php | 10
Undefined variable $opt at line 15 in helper.php | project/helper.php | 4
..........
I am using elastic search 5.6. Thanks in advance.
Upvotes: 0
Views: 154
Answers (1)
mike b
Reputation: 514
top hits aggregation could get you there, I think.
GET errors/_search?size=0
{
"aggs": {
"error-counts": {
"terms": {
"field": "message"
},
"aggs": {
"messages": {
"top_hits": {
"size": 100
}
}
}
}
}
}
This will create buckets for each message, with a total count in each bucket, and with a list of 100 records within each bucket.
Upvotes: 1
Related Questions
- How to write complex ElasticSearch query
- convert sql to dsl elasticsearch query
- Elastic search query for SQL query
- How to write the elastic search query for this?
- Nested Query in Elastic Search
- Can i change below mysql query into elasticsearch dsl?
- how can I write this query in elasticsearch?
- how to implement the following sql query in es?
- Elasticsearch DSL query from an SQL statement
- Elasticsearch DSL query from an SQL statement