kibana - Unable to drop result bucket in terms aggregation - Elasticsearch -


i have documents in elasticsearch following structure:

   "mappings": {   "document": {     "properties": {       "@timestamp": {         "type": "date",         "format": "strict_date_optional_time||epoch_millis"       },       "@version": {         "type": "string"       },       "id_secuencia": {         "type": "long"       },       "event": {         "properties": {           "elapsedtime": {             "type": "double"           },           "requesttime": {             "type": "date",             "format": "strict_date_optional_time||epoch_millis"           },           "error": {             "properties": {               "errorcode": {                 "type": "string",                 "index": "not_analyzed"               },               "failuredetail": {                 "type": "string"               },               "fault": {                 "type": "string"               }             }           },           "file": {             "type": "string",             "index": "not_analyzed"           },           "messageid": {             "type": "string"           },           "request": {             "properties": {               "body": {                 "type": "string"               },               "header": {                 "type": "string"               }             }           },           "responsetime": {             "type": "date",             "format": "strict_date_optional_time||epoch_millis"           },           "service": {             "properties": {               "operation": {                 "type": "string",                 "index": "not_analyzed"               },               "project": {                 "type": "string",                 "index": "not_analyzed"               },               "proxy": {                 "type": "string",                 "index": "not_analyzed"               },               "version": {                 "type": "string",                 "index": "not_analyzed"               }             }           },           "timestamp": {             "type": "date",             "format": "strict_date_optional_time||epoch_millis"           },           "user": {             "type": "string",             "index": "not_analyzed"           }         }       },       "type": {         "type": "string"       }     }   } }

and need retrieve list of unique values field "event.file" (to show in kibana data table) according following criteria:

  • there more 1 document same value field "event.file"

  • all occurences value of "event.file" have resulted in error (field "event.error.errorcode" exists in documents)

for purpose approach i've been testing use of terms aggregation, can list of buckets documents single file name. haven't been able achieve drop of resulting buckets in aggregation according previous criteria (if @ least 1 of them not have error bucket should discarded).

is correct approach or there better/easier way type of result?

thanks lot.

after trying out several queries found following approach (see query below) valid purpose. problem see apparently not possible in kibana, has no support pipeline aggregations (see https://github.com/elastic/kibana/issues/4584).

{   "query": {     "bool": {       "must": [         {           "filtered": {             "filter": {               "exists": {                 "field": "event.file"               }             }           }         }       ]     }   },   "size": 0,   "aggs": {     "file-events": {       "terms": {         "field": "event.file",         "size": 0,         "min_doc_count": 2       },       "aggs": {         "files": {           "filter": {             "exists": {               "field": "event.file"             }           },           "aggs": {             "totalfiles": {               "value_count": {                 "field": "event.file"               }             }           }         },         "errors": {           "filter": {             "exists": {               "field": "event.error.errorcode"             }           },           "aggs": {             "totalerrors": {               "value_count": {                 "field": "event.error.errorcode"               }             }           }         },         "exhausted": {           "bucket_selector": {             "buckets_path": {               "total_files":"files>totalfiles",               "total_errors":"errors>totalerrors"             },             "script": "total_errors == total_files"           }         }       }     }   } }

again, if i'm missing feedback appreciated :)


Comments

Post a Comment

Popular posts from this blog

jOOQ update returning clause with Oracle -

according http://www.jooq.org/doc/3.8/manual/sql-building/sql-statements/update-statement/ jooq doesn't support returning clause in update statements databases except firebird , postgres. does know, still correct oracle jooq? according oracle's documentation, oracle db supports returning clase delete, insert, or update statements. incorrect manual you're right - manual wrong , should fixed: https://github.com/jooq/jooq/issues/5470 single row update returning jooq 3.8 added support single row update .. returning statements. internally, uses callablestatement , pl/sql block of form: begin update "my_table" set "my_table"."column" = 'xyz' "my_table"."id" = 1 returning "my_table"."id", "my_table"."column" ?, ?; ? := sql%rowcount; end; the relevant issue is: https://github.com/jooq/jooq/issues/5190 multi row update returning a...
Read more

java - Warning equals/hashCode on @Data annotation lombok with inheritance -

i have entity inherits other. on other hand, i'm using lombok project reduce boilerplate code, put @data annotation. annotation @data inheritance produces next warning: generating equals/hashcode implementation without call superclass, though class not extend java.lang.object. if intentional, add '@equalsandhashcode(callsuper=false)' type. is advisable add annotation @equalsandhashcode (callsuper = true) or @equalsandhashcode (callsuper = false) ? if not added, 1 callsuper=false or callsuper=true ? the default value false . 1 if don't specify , ignore warning. yes, recommended add @equalsandhashcode annotation on @data annotated classes extend else object. cannot tell if need true or false , depends on class hierarchy, , need examined on case-by-case basis. however, project or package, can configure in lombok.config call super methods if not direct subclass of object. lombok.equalsandhashcode.callsuper = call for configuration system ...
Read more

java - BasicPathUsageException: Cannot join to attribute of basic type -

i using java 8 jpa (hibernate 5.2.1). have clause works perfectly, until introduce clause make use foreign key table values too. i getting following error: basicpathusageexception: cannot join attribute of basic type i think problem related fact have join table, , not sure how create join using join table. employee - employee_category - category model (employee.java): @manytomany(cascade = cascadetype.all, fetch=fetchtype.eager) @jointable ( name="employee_category", joincolumns={ @joincolumn(name="emp_id", referencedcolumnname="id") }, inversejoincolumns={ @joincolumn(name="cat_id", referencedcolumnname="id") } ) private set<category> categories; model (category.java): @id private string id; jpa when introduce following code, fails error above (i think problem new piece of code): join<t, category> category = from.join("id"); predicates.add(criteriabuilder.like(category....
Read more