mrwithersea/elasticsearch-dedup-earliest-event.json

## elasticsearch-dedup-earliest-event.json
{
  "size": 0,
  "query": {
    "match": {
      "event": "generate_docx"
    }
  },
  "aggs":{
    "dedupe_event_by_factfind" : {
      "terms":{
        "field": "factFindId.keyword",
	"size": 10000
       },
       "aggs":{
         "earliest_event_in_range":{
           "filter": {
           	 "range": {
           	 	"@timestamp": {
           	 		"from": "now-7d/d",
           	 		"to": "now/d"
           	 	}
           	 }
           },
           "aggs": {
           	   "earliest_event": {
		           "top_hits":{
		             "size":1,
		             "sort": [
		                {
			                "@timestamp": {
			                	"order": "asc"
			                }
		                }
		              ]
		           }
           	   }
           }
         }
      }
    }
  },
  "highlight" : {
        "fields" : {
            "@timestamp" : {}
        }
    }
}
	{
	"size": 0,
	"query": {
	"match": {
	"event": "generate_docx"
	}
	},
	"aggs":{
	"dedupe_event_by_factfind" : {
	"terms":{
	"field": "factFindId.keyword",
	"size": 10000
	},
	"aggs":{
	"earliest_event_in_range":{
	"filter": {
	"range": {
	"@timestamp": {
	"from": "now-7d/d",
	"to": "now/d"
	}
	}
	},
	"aggs": {
	"earliest_event": {
	"top_hits":{
	"size":1,
	"sort": [
	{
	"@timestamp": {
	"order": "asc"
	}
	}
	]
	}
	}
	}
	}
	}
	}
	},
	"highlight" : {
	"fields" : {
	"@timestamp" : {}
	}
	}
	}