I have this query
GET /my_index3/_search
{
"size": 0,
"aggs": {
"num1": {
"terms": {
"field": "num1.keyword",
"order" : { "_count" : "desc" }
},
"aggs": {
"count_of_distinct_suffix": {
"cardinality" :{
"field" : "suffix.keyword"
},
"aggs": {
"filter_count": {
"bucket_selector": {
"buckets_path": {
"the_doc_count": "_count"
},
"script": "params.doc_count == 2"
}
}
}
}
}
}
}
}
Output:
"key" : "1563866656878888",
"doc_count" : 42,
"count_of_distinct_suffix" : {
"value" : 2
}
},
{
"key" : "1563866656871111",
"doc_count" : 40,
"count_of_distinct_suffix" : {
"value" : 2
}
},
{
"key" : "1563867854325555",
"doc_count" : 36,
"count_of_distinct_suffix" : {
"value" : 1
}
},
{
"key" : "1563867854323333",
"doc_count" : 12,
"count_of_distinct_suffix" : {
"value" : 1
}
},
I want to see only the results which have "count_of_distinct_suffix" : { "value" : 2 }
I'm thinking about bucket selector aggregation but it's impossible to add it into the cardinality aggs...
"aggs": {
"my_filter": {
"bucket_selector": {
"buckets_path": {
"the_doc_count": "_count"
},
"script": "params.doc_count == 2"
}
}
}
It gives me the following error: Aggregator [count_of_distinct_suffix] of type [cardinality] cannot accept sub-aggregations
Do you guys have any idea to solve it?
Thank you very much for any help in advance !!
You don't have to add the bucket_selector aggs as a sub aggregation of cardinality aggs. Instead you should add it parallel to it as below:
{
"size": 0,
"aggs": {
"num1": {
"terms": {
"field": "num1.keyword",
"order": {
"_count": "desc"
}
},
"aggs": {
"count_of_distinct_suffix": {
"cardinality": {
"field": "suffix.keyword"
}
},
"my_filter": {
"bucket_selector": {
"buckets_path": {
"the_doc_count": "count_of_distinct_suffix"
},
"script": "params.the_doc_count == 2"
}
}
}
}
}
}