0

How can I convert this Elastic search query into nest query. the query is given Bellow . GET winlogbeat-6.6.0*/_search?size=0

{
  "query": {
    "match_all": {}
  },
  "aggs": {
    "success ": {
      "filter": {
        "term": {
          "event_id": 4624 
        }
      }

    },
    "failed": {
      "filter": {
        "term": {
          "event_id": 4625 
        }
      }
    }
  }
}

The desired out Output in Kibana is as follow 

    {
      "took" : 13120,
      "timed_out" : false,
      "_shards" : {
        "total" : 37,
        "successful" : 37,
        "skipped" : 0,
        "failed" : 0
      },
      "hits" : {
        "total" : 299924794,
        "max_score" : 0.0,
        "hits" : [ ]
      },
      "aggregations" : {
        "failed" : {
          "doc_count" : 351643
        },
        "success " : {
          "doc_count" : 40375274
        }
      }
    }

this is my code and i need to convert it NEST to get the desired result . Thanks

Improve this question
3
  • Could you share what you have tried so far? Commented Aug 6, 2019 at 15:25
  • var queryWinlogbeat_6_6_0 = _elasticClient.Search<winlogbeat_6_6_0>(q => q .Index("winlogbeat-6.6.0*") .Size(0) .Aggregations(a => a .Filter("Success", fa => fa .Filter(f => f.Term(o => o.event_id, 4624)) ) ) ); This code return me correct record for "success" bucket but how to another filter for "failed" bucked Commented Aug 6, 2019 at 16:00
  • 1
    @NisarAhmad you can edit a question to add additional detail, like what you have tried so far. This would also allow you to format it Commented Aug 6, 2019 at 21:21

1 Answer 1

Reset to default
1

You are almost there, you just need to add another case by calling .Filter(..) on aggregations descriptor

var searchResponse = await client.SearchAsync<Document>(s => s
    .Query(q => q.MatchAll())
    .Aggregations(a => a
        .Filter("success", success => success
            .Filter(filter => filter
                .Term(t => t.Field(f => f.EventId).Value(4624))))
        .Filter("failed", failed => failed
            .Filter(filter => filter
                .Term(t => t.Field(f => f.EventId).Value(4625))))));

public class Document
{
    public int Id { get; set; }
    public int EventId { get; set; }
}

Hope that helps.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.