I have to use 3 fields ( answer , question;keyword , source)
My requirement is I need to Exclude the Field answer = "UNHANDLED"
I need the Field question.keyword
I need to INCLUDE the Field source = "sonax"
I Used the below query to get the output. But After applying the field answer = "UNHANDLED" I am still getting the Unhandled records in the data.
{
"query": {
"bool": {
"must_not": {
"term": {
"answer": "UNHANDLED"
}
},
"must": {
"term": {
"source": "sonax"
}
}
}
},
"aggs": {
"top_tags": {
"terms": {
"field": "question.keyword"
},
"aggs": {
"top_faq_hits": {
"top_hits": {
"_source": {
"includes": [
"answer"
]
},
"size": 1
}
}
}
}
}
}
Regards, Prabhu
Adding a working example with index data, search query, and search result
Index Data:
{
"question": "c",
"answer": "UNHANDLED",
"source": "sonax"
}
{
"question": "b",
"answer": "c",
"source": "titan"
}
{
"question": "b",
"answer": "q",
"source": "sonax"
}
{
"question": "d",
"answer": "a",
"source": "volvo"
}
Search Query:
{
"query": {
"bool": {
"must_not": {
"term": {
"answer.keyword": "UNHANDLED"
}
},
"must": {
"term": {
"source.keyword": "sonax"
}
}
}
},
"aggs": {
"top_tags": {
"terms": {
"field": "question.keyword"
},
"aggs": {
"top_faq_hits": {
"top_hits": {
"_source": {
"includes": [
"source"
]
},
"size": 1
}
}
}
}
}
}
Search Result:
"aggregations": {
"top_tags": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "b",
"doc_count": 1,
"top_faq_hits": {
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 0.6931471,
"hits": [
{
"_index": "65567523",
"_type": "_doc",
"_id": "3",
"_score": 0.6931471,
"_source": {
"source": "sonax"
}
}
]
}
}
}
]
}
}