Sometimes we need to bucket, or segment, the data based on a field that has a string datatype; in Elasticsearch, these are typically keyword-typed fields. This is very common. Some examples of scenarios in which you may want to segment the data by a string-typed field are as follows:
- Segmenting the network traffic data per department
- Segmenting the network traffic data per user
- Segmenting the network traffic data per application, or per category
The most common way to bucket or segment your string-typed data is by using the terms aggregation. Let's take a look at the terms aggregation.