Elasticsearch: returning all document fields when using facets

Question

I created a log parser that puts each parsed log line into Elastic Search as a documents with fields like timestamp, error_code, message.

Now, the problem is to display errors grouped by error_code, but for each error_code there should be the number of occurrences, the time of last occurrence (i.e. max timestamp) and an example of message (preferably the last one).

I know facets can be used to determine all unique error_codes and the total count of occurrences for each one. But how do I get timestamp and message?

Answer 1

What you're looking for is called Field Collapsing and isn't there yet in ElasticSearch (see https://github.com/elasticsearch/elasticsearch/issues/256) . It's available in Solr though.