Sometimes, we may need to bucket the data, or segment the data, based on a field that has a string datatype, which is typically keyword typed fields in Elasticsearch. This is very common. Some examples of scenarios in which you may want to segment the data by a string typed field are as follows:

• Segmenting the network traffic data per department
• Segmenting the network traffic data per user
• Segmenting the network traffic data per application, or per category

The most common way to bucket or segment your string typed data is by using terms aggregation. Let's take a look at terms aggregation.