pbTrick
Reputation: 1
Kibana Watcher: Aggregation not working if only one hit by query
I have the following kibana watcher with aggregation of the results:
"aggs": {
"group_by_ip": {
"multi_terms": {
"terms": [
{
"field": "request"
},
{
"field": "Message"
},
{
"field": "applicationcluster“
}
]
}
}
If the query returns only one hit, the aggregation bucket seems to be empty.
"result": {
"execution_time": "2024-03-22T10:44:25.407Z",
"execution_duration": 775,
"input": {
"type": "search",
"status": "success",
"payload": {
"_shards": {
"total": 3,
"failed": 0,
"successful": 3,
"skipped": 0
},
"hits": {
"hits": [],
"total": 1,
"max_score": null
},
"took": 17,
"timed_out": false,
"aggregations": {
"group_by_ip": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
}
}
Is there any way to perform the aggregation even if there´s only one hit? Thanks!
Executing the watcher and aggregation works with one single hit.
Upvotes: 0
Views: 62
Answers (0)
Related Questions
- Elastic Search Query | Aggregation | Nested Aggregation
- Elasticsearch: how to find a document by number in logs
- Kibana composite query pagination
- Using Vega with Elasticsearch data containing nested aggregations (or dividing one aggregation by another in Elasticsearch)
- Elasticsearch - How to order buckets using keyword field
- Too many buckets, aggregation fails on histogram
- Kibana: Field collapsing and inner hits not working for visualizations
- Build a Kibana Histogram with buckets dynamically created by ElasticSearch terms aggregation