In my index I have multiple documents having field event.code with different values like below –
"event": {"code": "98"},
"event": {"code": "99"},
"event": {"code": "98"},
"event": {"code": "88"}.
I want Elasticsearch aggregation query which gives me count of particular event code. For eg: count of event.code 98 as 2.(Basically count for particular value is needed not for the field)
There are many count aggregation questions available on stack overflow itself but none of them answering my doubt. Kindly help me on the same.
Thanks in advance.
>Solution :
Here is an example
"size": 0,
"aggs": {
"event_code_count": {
"filter": {
"term": {
"event.code": "98"
}
},
"aggs": {
"event_code_count": {
"value_count": {
"field": "event.code"
}
}
}
}
}
}
In this example, we are using the terms aggregation in combination with a filter to get the count of a particular event code, which is 98 in this case. The value_count aggregation is nested within to count the occurrences of that specific event code.
To explain the query structure:
- The
sizeparameter is set to 0, which means we only want the aggregation results without returning any documents. - The outer
event_code_countaggregation is a filter aggregation targeting the fieldevent.codewith thetermfilter for value 98. - Within the
event_code_countaggregation, thevalue_countaggregation is used to count the occurrences of theevent.codefield.
The result will provide you with the count of the specific event code