timesketch icon indicating copy to clipboard operation
timesketch copied to clipboard

Published 20 hours ago verified publisher icon google

Allow terms aggregation to return all buckets

Open berggren opened this issue 5 years ago • 3 comments

Need to use Composite aggregator for streaming results.

berggren avatar Aug 07 '19 13:08 berggren

@berggren seeing the number of thumbs up here, can you elaborate on what that means and what effort would be needed?

jaegeral avatar Jul 07 '21 11:07 jaegeral

@berggren can you elaborate what this meant? I have no idea :-)

jaegeral avatar Mar 28 '23 13:03 jaegeral

In order to return all buckets without setting the size to 10000 (example) then we need to use composit aggregations.

This is not high on the prio list because the use-case is fairly limited.

berggren avatar Jul 13 '23 14:07 berggren