TechQA.

Ignoring duplicates within elastic search

163 views Asked by At

I have many records where the msg is 'a'. Some of these records have the same type.

I'm trying to write a query that counts the number of with msg 'a', but doesn't count duplicates.

Example:

  • 1: msg = 'a', type = 'b'
  • 2: msg = 'a', type = 'b'
  • 3: msg = 'a', type = 'c'

This should return a count of two because the first and second records have the same type and are only counted once.

Here is my query so far.

body: {
  query: {
    bool: {
      must: [
        {
          range: {
            "@timestamp" => { from: 'now-1d', to: 'now' }
          }
        },
        { match: { msg: 'a' }}
      ]
    }
  }
}

Any help is appreciated!

elasticsearch elasticsearch-query
Original Q&A
1

There are 1 answers

2
aclowkay On

Try using aggregations they'll count it for you :) Read here: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/search-aggregations-bucket-terms-aggregation.html

And try something like this:

body:{
query: {
    bool: {
      must: [
        {
          range: {
            "@timestamp" => { from: 'now-1d', to: 'now' }
          }
        },
        { match: { msg: 'a' }}
      ]
    }
  }
},
  aggs:{
     "type":{
        "terms":{
              "field":"type"
         }
     }
  }
}

Related Questions in ELASTICSEARCH

Related Questions in ELASTICSEARCH-QUERY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions