DilTeam
Reputation: 2661
ElasticSearch: Filter by distinct count during aggregation
The following query returns distinct Ids in order by largest distinct count of Ids. What I would like to do is "include only those IDs for which total number of documents is less than 2000"
{
"size": "0",
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": {
"field": "Id.keyword",
"size": 1000
}
}
}
}
I tried adding filter by 'doc_count' but that didn't help. How do I do this?
Upvotes: 1
Views: 507
Answers (1)
Bhavya
Reputation: 16172
You can filter the buckets using bucket_selector aggregation
Bucket Selector Aggregation is a parent pipeline aggregation which executes a script which determines whether the current bucket will be retained in the parent multi-bucket aggregation.
{
"size": "0",
"query": {
"range": {
"@timestamp": {
"gte": "2020-10-20T00:00:00",
"lt": "2020-10-21T00:00:00"
}
}
},
"aggs": {
"ids": {
"terms": {
"field": "Id.keyword",
"size": 1000
},
"aggs": {
"count_filter": {
"bucket_selector": {
"buckets_path": {
"values": "_count"
},
"script": "params.values < 2000" <-- note this
}
}
}
}
}
}
Upvotes: 2
Related Questions
- Distinct query in ElasticSearch
- Elasticsearch aggregation with unqiue counting
- elasticsearch query for count of distinct field value with where condition on another field
- Elasticsearch COUNT of DISTINCT in GROUP BY
- ElasticSearch: How to filter aggregation by keys count?
- Find distinct values, not distinct counts in elasticsearch
- how to distinct value after query in elasticsearch
- How to perform a distinct count query in Elasticsearch
- Elasticsearch aggregation on distinct keys
- Aggregation distinct values in ElasticSearch