Aggregation using elastic search

0
votes

I have my search query for fetch latest 5000 documents from my elastic DB as below

{ 
  "size": 5000, 
  "from": 0, 
  "query": {
        "range" : {
            "hostTimestamp" : {
                "gte" : 1499674634382,
                "lte" : 1499680034000
            }
        }
  },
  "sort": [
    {
      "hostTimestamp": {
        "order": "desc"
      }
    }
  ]
}

Now in the documents that are fetched as result of this query I want to count no of documents with eventSeverity as Alert or Critical. How can this be achieved?

1
elasticsearchelasticsearch-aggregation

1 Answers

1
votes

You can achieve that with a terms aggregation on the eventSeverity field:

{ 
  "size": 5000, 
  "from": 0, 
  "query": {
        "range" : {
            "hostTimestamp" : {
                "gte" : 1499674634382,
                "lte" : 1499680034000
            }
        }
  },
  "sort": [
    {
      "hostTimestamp": {
        "order": "desc"
      }
    }
  ],
  "aggs": {                  <--- add this part
    "severities": {
      "terms": {
        "field": "eventSeverity"
      }
    }
  }
}