I have an index with "event" documents. Each event has a property called "receiptId". Several events can have the same receiptId.
I need to find a receiptId with at least 1000 events - how can I write some kind of query for that? I use Sense.
I'm a beginner with Elasticsearch and I've tried to read their documentation, but can't seem to figure it out. I hope my question is clear enough.
You can use a terms aggregation with the min_doc_count setting, like this:
POST events/_search
{
"size": 0,
"aggs": {
"receipts": {
"terms": {
"field": "receiptId",
"min_doc_count": 1000
}
}
}
}