jordansissel/0result.md

## 0result.md

      
    Raw
  

              0result.md
            
          
    Computing it -

% curl -s 'localhost:9200/logstash-*/_search?pretty' -d @req.json | jq '[ .aggregations["2"].buckets[] | { key: (.key_as_string), value: (.["3"].buckets[]["4"].buckets | .[1]["doc_count"] / .[0]["doc_count"]) } ] | [ .[].value ] | length as $count | add / $count'
0.005472730173337497

  
## req.json
{
  "size": 0,
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "_type:connectiontests AND platform.os:osx AND address:rubygems.org",
          "analyze_wildcard": true
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "gte": 1423282450933,
                  "lte": 1423325650933
                }
              }
            }
          ],
          "must_not": []
        }
      }
    }
  },
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "10m",
        "pre_zone": "-08:00",
        "pre_zone_adjust_large_interval": true,
        "min_doc_count": 1,
        "extended_bounds": {
          "min": 1423282450933,
          "max": 1423325650933
        }
      },
      "aggs": {
        "3": {
          "terms": {
            "field": "address.raw",
            "size": 5,
            "order": {
              "_count": "desc"
            }
          },
          "aggs": {
            "4": {
              "terms": {
                "field": "result.raw",
                "size": 5,
                "order": {
                  "_count": "desc"
                }
              }
            }
          }
        }
      }
    }
  }
}
	{
	"size": 0,
	"query": {
	"filtered": {
	"query": {
	"query_string": {
	"query": "_type:connectiontests AND platform.os:osx AND address:rubygems.org",
	"analyze_wildcard": true
	}
	},
	"filter": {
	"bool": {
	"must": [
	{
	"range": {
	"@timestamp": {
	"gte": 1423282450933,
	"lte": 1423325650933
	}
	}
	}
	],
	"must_not": []
	}
	}
	}
	},
	"aggs": {
	"2": {
	"date_histogram": {
	"field": "@timestamp",
	"interval": "10m",
	"pre_zone": "-08:00",
	"pre_zone_adjust_large_interval": true,
	"min_doc_count": 1,
	"extended_bounds": {
	"min": 1423282450933,
	"max": 1423325650933
	}
	},
	"aggs": {
	"3": {
	"terms": {
	"field": "address.raw",
	"size": 5,
	"order": {
	"_count": "desc"
	}
	},
	"aggs": {
	"4": {
	"terms": {
	"field": "result.raw",
	"size": 5,
	"order": {
	"_count": "desc"
	}
	}
	}
	}
	}
	}
	}
	}
	}