Hi Jochen, 

Yes, it seems tricky to deal with distinct groups in Elastic. Most of what 
I find are people looking for counts only, or grouping in more complex 
ways. I was able to craft a (deprecated) facets query to elastic directly 
like this: 

curl -X POST "http://localhost:9200/_all/_search?pretty=true" -d '
  {
    "query" : { "query_string" : {"query" : "*"} },
    "facets" : {
      "users" : { "terms" : {"field" : "UserName", "size":1000000} }
    }
  }
'

That returns all of the distinct terms in the UserName field, up to 1 
million records. This should be done using the Aggregations queries 
instead, but this Facets query does work. 

On Monday, July 27, 2015 at 2:22:53 AM UTC-6, Jochen Schalanda wrote:
>
> Hi Jesse,
>
> unfortunately that's currently not possible with the query language of 
> Graylog/Lucene. Feel free to add this as a feature request in our product 
> portal (https://www.graylog.org/product-ideas/).
>
>
> Cheers,
> Jochen
>
> On Monday, 27 July 2015 01:22:11 UTC+2, Jesse Skrivseth wrote:
>>
>> Hello all. I'm wondering how to export the list of all distinct values 
>> for a given field. The list of the top 50 from Quick Values won't work. Our 
>> lists will be several hundred long. 
>>
>
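
The aggregations form of the facets query in the message above, as an added example that is not part of the original thread. The function names and the sample response are constructed for illustration, and the truncation check assumes an Elasticsearch version whose terms aggregation reports `sum_other_doc_count`.

```python
import json
import urllib.request

def build_distinct_query(field, max_terms=10000, agg_name="distinct"):
    """Request body for a terms aggregation over `field`, returning no hits."""
    return {
        "size": 0,  # only the aggregation is wanted, not the matching documents
        "query": {"query_string": {"query": "*"}},
        "aggs": {agg_name: {"terms": {"field": field, "size": max_terms}}},
    }

def distinct_values(response, agg_name="distinct"):
    """Return (sorted values, truncated) from a terms-aggregation response."""
    agg = response["aggregations"][agg_name]
    values = sorted(bucket["key"] for bucket in agg["buckets"])
    # A non-zero sum_other_doc_count means some documents fell outside the
    # returned buckets: the list is incomplete and max_terms must be raised.
    truncated = agg.get("sum_other_doc_count", 0) > 0
    return values, truncated

def fetch_distinct(search_url, field, max_terms=10000):
    """POST the query to a _search URL (needs a reachable cluster)."""
    body = json.dumps(build_distinct_query(field, max_terms)).encode()
    req = urllib.request.Request(
        search_url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return distinct_values(json.load(resp))

# Constructed sample responses (not captured from a real cluster).
SAMPLE_COMPLETE = {"aggregations": {"distinct": {
    "sum_other_doc_count": 0,
    "buckets": [{"key": "svc-backup", "doc_count": 40},
                {"key": "alice", "doc_count": 12},
                {"key": "bob", "doc_count": 3}]}}}
SAMPLE_TRUNCATED = {"aggregations": {"distinct": {
    "sum_other_doc_count": 57,
    "buckets": [{"key": "svc-backup", "doc_count": 40}]}}}

if __name__ == "__main__":
    print(json.dumps(build_distinct_query("UserName"), indent=2))
    for sample in (SAMPLE_COMPLETE, SAMPLE_TRUNCATED):
        values, truncated = distinct_values(sample)
        print(values, "(incomplete, raise max_terms)" if truncated else "(complete)")
```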
