I have the the data of the access logs of the users in opensearch index, this data track the information of the users like at what time users access the door and got the arrival, but one user can swipe multiple time in a day so more than one entry of the user will be there.
My problem statement is : I want to find the count of the user hour wise but it should only consider the first arrival of the user, if suppose user u1 has accessed at 11 AM and then u1 again accessed at 2 PM, then I only want the count of that user at 11 AM only not at 2 PM, if I do the normal grouping aggregation by users and hour then I will get the count of that user at 11 AM and then 2 PM again which is wrong, so find the count as per the first arrival of the user and if that user is again coming then do not consider the count.
For the sake of simplicity consider I have three fields, user_name, time_of_access, location, write the opensearch query as per this
AWS OFFICIALUpdated a year ago
It looks like you need a scripted metric aggregation. https://opensearch.org/docs/latest/aggregations/metric/scripted-metric,