eduzen/index.json

## index.json
{
"_index": "credential",
"_type": "_doc",
"_id": "Credential_9515338",
"_score": 1,
"_source": {
  "created_at": "2018-09-28T17:34:45.427081+00:00",
  "reference_id": "CeZlKnimSC",
  "email_domain": {
    "domain": "bbva-continental-pe.securepe.net",
    "id": 436041
  },
  "portal_domain": {
    "domain": "lopez.com",
    "id": 1757910
  },
  "username_domain": {
    "domain": "lopez.com",
    "id": 1757910
  }
}

## query.json
{
  "query": {
    "bool": {
      "should": [
        {
          "nested": {
            "path": "email_domain",
            "query": {
              "terms": {
                "email_domain.domain": [
                  "cryptopia.co.nz",
                  "zara.su",
                ]
              }
            }
          }
        },
        {
          "nested": {
            "path": "portal_domain",
            "query": {
              "terms": {
                "portal_domain.domain": [
                  "cryptopia.co.nz",
                  "zara.su"
                ]
              }
            }
          }
        },
        {
          "nested": {
            "path": "username_domain",
            "query": {
              "terms": {
                "username_domain.domain": [
                  "zara.su"
                ]
              }
            }
          }
        }
      ]
    }
  },
  "aggs": {
     "domain": {
        "nested": {
          "path": "portal_domain"
        },
        "aggs": {
          "email_domain": {
            "terms": {
              "field": "portal_domain.domain",
              "size": 50
            }
          },
          "aggs": {
            "nested": {
              "path": "username_domain"
            },
            "aggs": {
              "username_domain": {
                "terms": {
                  "field": "username_domain.domain",
                  "size": 10
                }
              },
              "aggs": {
                "nested": {
                  "path": "email_domain"
                },
                "aggs": {
                    "email_domain": {
                      "terms": {
                        "field": "email_domain.domain",
                        "size": 10
                      }
                    }
                }
              }
            }
          }
        }
     },
     "aggs": {
        "filter": {
          "range": {
              "created_at": {
                  "gt": "now-6M"
              }
          }
        },
        "aggs": {
          "by_month": {
            "date_histogram": {
              "field":    "created_at",
              "interval": "month",
              "format":   "yyyy-MM"
            }
          }
        }
     }
  }
}

## results.txt
I need to group all credentiasl by domains in total, last 10 months and by month
              totals  total_in_last_10months  2018/01   2018/02
lopez.com       1         0                     0         0
lopez.co.nz     1         1                     1         0
	{
	"_index": "credential",
	"_type": "_doc",
	"_id": "Credential_9515338",
	"_score": 1,
	"_source": {
	"created_at": "2018-09-28T17:34:45.427081+00:00",
	"reference_id": "CeZlKnimSC",
	"email_domain": {
	"domain": "bbva-continental-pe.securepe.net",
	"id": 436041
	},
	"portal_domain": {
	"domain": "lopez.com",
	"id": 1757910
	},
	"username_domain": {
	"domain": "lopez.com",
	"id": 1757910
	}
	}
	{
	"query": {
	"bool": {
	"should": [
	{
	"nested": {
	"path": "email_domain",
	"query": {
	"terms": {
	"email_domain.domain": [
	"cryptopia.co.nz",
	"zara.su",
	]
	}
	}
	}
	},
	{
	"nested": {
	"path": "portal_domain",
	"query": {
	"terms": {
	"portal_domain.domain": [
	"cryptopia.co.nz",
	"zara.su"
	]
	}
	}
	}
	},
	{
	"nested": {
	"path": "username_domain",
	"query": {
	"terms": {
	"username_domain.domain": [
	"zara.su"
	]
	}
	}
	}
	}
	]
	}
	},
	"aggs": {
	"domain": {
	"nested": {
	"path": "portal_domain"
	},
	"aggs": {
	"email_domain": {
	"terms": {
	"field": "portal_domain.domain",
	"size": 50
	}
	},
	"aggs": {
	"nested": {
	"path": "username_domain"
	},
	"aggs": {
	"username_domain": {
	"terms": {
	"field": "username_domain.domain",
	"size": 10
	}
	},
	"aggs": {
	"nested": {
	"path": "email_domain"
	},
	"aggs": {
	"email_domain": {
	"terms": {
	"field": "email_domain.domain",
	"size": 10
	}
	}
	}
	}
	}
	}
	}
	},
	"aggs": {
	"filter": {
	"range": {
	"created_at": {
	"gt": "now-6M"
	}
	}
	},
	"aggs": {
	"by_month": {
	"date_histogram": {
	"field": "created_at",
	"interval": "month",
	"format": "yyyy-MM"
	}
	}
	}
	}
	}
	}
	I need to group all credentiasl by domains in total, last 10 months and by month
	totals total_in_last_10months 2018/01 2018/02
	lopez.com 1 0 0 0
	lopez.co.nz 1 1 1 0