"last seen time" for a term in elasticsearch -
i have mapping has host , timestamp (among other fields), , "last seen time" number of seen hosts. there better way first term facet on host field, range query (limit=1) on each of term values sorted in descending order?
a term stats facet bring min/max timestamp each host wouldn't it?
{ "query" : { "match_all" : { } }, "facets" : { "host_time_stats" : { "terms_stats" : { "key_field" : "host", "value_field" : "timestamp" } } } }
Comments
Post a Comment