select a single field with applying filters in elasticsearch
I would like to select all the filename field values by ACCOUNT and APPLICATION_NAME Assuming as in SQL I need to do this :
select filename.keyword from XXX where ACCOUNT='monitoring' and APPLICATION_NAME='webapp'
this is a screenshot of a log entry sample in the kibana interface
selecting the unique values of a specific field is exactly like running an aggregation query at one of the SQL databases for example
selecting by field.keyword is something like passing an enum value that should exactly match one of the existing values against this field.
setting size to 0 will retrieve the aggregation result only without associating with it the list of sources.
in an agg query as I said above it is selecting one of the aggregation functions against some fields that could be one or more
incase they are multiple this should become a composite aggregation.
Composite aggregartion require specifing composite.sources in the query request body.
this query worked for me in case I wanted to selelct filename and POD_ID uniques pairs.
{
"size": "0",
"aggs": {
"custom_agg_name_whatever_you_want": {
"composite": {
"sources": [
{
"FILENAME": {
"terms": {
"field": "filename.keyword"
}
}
},
{
"POD_ID":{
"terms": {
"field": "POD_ID.keyword"
}
}
}
]
}
}
},
"query": {
"bool": {
"filter": [
{
"bool": {
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"ACCOUNT.keyword": "searchValue"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"APPLICATION_NAME.keyword": "searchValue"
}
}
],
"minimum_should_match": 1
}
}
]
}
},
{
"range": {
"@timestamp": {
"format": "strict_date_optional_time",
"gte": "2022-03-21T09:09:09.277Z",
"lte": "2022-03-25T09:09:09.277Z"
}
}
}
]
}
}
}
- How to properly delete data from a table and chain the deletion
- Find procedure name in all other procedures
- SQL-How to Insert Row Without Auto incrementing a ID Column?
- Why can't I use an alias in a DELETE statement?
- How do I perform a GROUP BY on an aliased column in SQL Server?
- Running multiple SQL-Statements with Python
- Using rangeBetween considering months rather than days in PySpark
- How to find databases which accessible to me in Sql server?
- data return incorrect using left join with 2 tables
- Repeat rows specified number of times in PostgreSQL
- How to visualize database tables in postgresql using pgAdmin?
- Odata override behaviour of orderby
- Unable to open BCP host data-file
- How to join parent object with nested array using OpenJson SQL
- batch update a column using sql
- Queries using LIKE wildcards in sql server
- Conditional aggregation in SQL: display condition-dependent count in percentage?
- Parsing JSON with Oracle SQL without knowing incoming field names
- In a standard MS Access SQL query output that does not have any aliases, how do I replace the full names by their "first-letters" aliases?
- Convert SQL containing GROUP BY and SUM() to active record in CodeIgniter
- output sql data to html with hyperlink
- Update all column names to be lowercase
- SQL Server pivoting on data without an aggregate
- Flagging a row in new column based on conditions on previous and current rows
- replace or remove characters and then cast to decimal
- Export specific rows from a PostgreSQL table as INSERT SQL script
- Query to get only numbers from a string
- SQL grouping result to half hour
- table is specified twice both as a target for INSERT and as separate source of data
- SQL to JSON Need Bracket for Array that can have multiple rows