Hi,
I have two fields, *request_url (analysed)* and *url_report (not_analysed)*. Both have the same content.
The index has only one shard. The following is the aggregations query:
{
  "from": 0,
  "size": 0,
  "query": {
    "bool": {
      "must": {
        "query_string": {
          "query": "request_url:\"login\"",
          "default_operator": "and"
        }
      }
    }
  },
  "aggregations": {
    "unique_url_report_count": {
      "cardinality": { "field": "url_report" }
    },
    "unique_url_report_values": {
      "terms": { "field": "url_report", "size": 1000 }
    }
  }
}
The ElasticSearch response is:
{
  "took": 312,
  "timed_out": false,
  "_shards": { "total": 1, "successful": 1, "failed": 0 },
  "hits": { "total": 5711, "max_score": 0, "hits": [] },
  "aggregations": {
    "unique_url_report_count": { "value": 3 },
    "unique_url_report_values": {
      "buckets": [
        { "key": "/login", "doc_count": 5708 },
        { "key": "/ui/settings/login-history.jsp", "doc_count": 2 },
        { "key": "/home", "doc_count": 1 }
      ]
    }
  }
}
The first 2 buckets are OK since they have login, but the 3rd bucket seems
wrong. Am I missing anything?