Hi guys, I'd like to count all entries in my ES instance, having a timestamp from the *last day* and *group together all entries having the same "instanceId"*. With the data below, the count result should be 1 (and not 2) since 2 entries are within the last day but they have the same instanceId of "def".
I tried the following: curl -XPOST "http://localhost:9200/installs/install/_search?pretty=1&fields=_source,_timestamp"; -d' { "aggs": { "lastday" : { "filter" : { "range" : { "_timestamp" : { "gt" : "now-1d" } } }, "aggs" : { "instanceids" : { "terms" : { "field" : "instanceId" } } } } } }' But I have 3 problems with this: * It's not a count but a search. "aggs" don't seem to work with _count * It returns all entries in the result before the aggs data * In the aggs I don't get a direct count value and I have to count the number of buckets to get my answer I'm pretty sure there's a simpler way but I'm having a hard time figuring it out. Also could this query be expressed fully in the Query DSL? Data: ===== curl -XDELETE "http://localhost:9200/installs"; curl -XPUT "http://localhost:9200/installs"; curl -XPUT "http://localhost:9200/installs/install/_mapping"; -d' { "install" : { "_timestamp" : { "enabled" : true, "store" : true }, "properties" : { "formatVersion" : { "type" : "string", "index" : "not_analyzed" }, "instanceId" : { "type" : "string", "index" : "not_analyzed" }, "distributionId" : { "type" : "string", "index" : "not_analyzed" }, "distributionVersion" : { "type" : "string", "index" : "not_analyzed" } } } }' curl -XPOST "http://localhost:9200/installs/install?timestamp=2014-03-20"; -d' { "formatVersion" : "2.0", "instanceId" : "abc", "distributionId" : "org.xwiki.enterprise:xwiki-enterprise-web", "distributionVersion" : "6.0-milestone-1" }' curl -XPOST "http://localhost:9200/installs/install"; -d' { "formatVersion" : "2.0", "instanceId" : "def", "distributionId" : "org.xwiki.enterprise:xwiki-enterprise-web", "distributionVersion" : "5.4.3" }' curl -XPOST "http://localhost:9200/installs/install"; -d' { "formatVersion" : "2.0", "instanceId" : "def", "distributionId" : "org.xwiki.enterprise:xwiki-enterprise-web", "distributionVersion" : "5.4.3" }' Thanks a lot for any help or pointers. -Vincent -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/162805ff-5fa8-4a9a-9c77-a13922c09486%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
