{
“size”: 0,
“query”: {
“bool”: {
“filter”: [
{
“range”: {
“@time”: {
“gte”: “2024-07-12T14:20:00Z”,
“lt”: “2024-07-12T14:25:00Z”
}
}
}
],
“must”: [
{
“term”: {
“stst.keyword”: {
“value”: “vk”
}
}
}
],
“must_not”: [
{
“terms”: {
“app.keyowrd”: [
“aap1”,
“app2”,
“app3”
“app4”
]
}
}
]
}
},
“aggs”: {
“times”: {
“date_histogram”: {
“field”: “@time”,
“fixed_interval”: “5m”
},
“aggs”: {
“field1”: {
“terms”: {
“size”: 10000,
“field”: “field1.keyword”
},
“aggs”: {
“field2”: {
“terms”: {
“size”: 10000,
“field”: “field2.keyword”
},
“aggs”: {
“field3”: {
“terms”: {
“size”: 10000,
“field”: “field3.keyword”
},
“aggs”: {
“field4”: {
“terms”: {
“size”: 10000,
“field”: “field4.keyword”
},
“aggs”: {
“duravg”: {
“avg”: {
“field”: “timefield”
}
}
}
}
}
}
}
}
}
}
}
}
}
}
You mean the size parameter in the terms aggregation? That means the max bucket size, at most 10000 buckets will be returned, the parameter limits up to 65,536.
Ok Thank for the response.
You mean the size parameter in the terms aggregation? Yes, correct.
But If we don’t add size parameter in the terms aggregations then what is the impact on data?
Is it necessary to add size parameter in terms aggregations?
The size parameter in terms aggregation defaults to 10, if you don’t specify the parameter, the it will only return the top 10 buckets, so it depends on your requirement.
@gaobinlong Thank you so much for the valuable information.