diff --git a/tools/requirements-devel.txt b/tools/requirements-devel.txt
index 219522f2b..a946d533e 100644
--- a/tools/requirements-devel.txt
+++ b/tools/requirements-devel.txt
@@ -6,3 +6,4 @@ elasticsearch-async
 setuptools
 wheel
 pymisp
+pytest
diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py
index dbc14cf2e..fed70bc2d 100644
--- a/tools/sigma/backends/elasticsearch.py
+++ b/tools/sigma/backends/elasticsearch.py
@@ -294,7 +294,7 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin
                                 "buckets_path": {
                                     "count": count_distinct_agg_name
                                 },
-                                'script': script_limit
+                                "script": script_limit
                             }
                         }
                     }
diff --git a/tools/tests/test_backend_elasticsearch.py b/tools/tests/test_backend_elasticsearch.py
new file mode 100644
index 000000000..b984ff70d
--- /dev/null
+++ b/tools/tests/test_backend_elasticsearch.py
@@ -0,0 +1,30 @@
+from sigma.backends.elasticsearch import ElasticsearchDSLBackend
+from sigma.configuration import SigmaConfiguration
+from sigma.parser.condition import SigmaAggregationParser
+
+
+def test_backend_elastic():
+    sigma_config = SigmaConfiguration()
+    backend = ElasticsearchDSLBackend(sigma_config)
+
+    # setup the aggregator input object without calling __init__()
+    agg = object.__new__(SigmaAggregationParser)
+    agg.condition = "3"
+    agg.cond_op = "<"
+    agg.aggfunc = SigmaAggregationParser.AGGFUNC_COUNT
+    agg.aggfield = "aggfield"
+    agg.groupfield = "groupfield"
+
+    # Make queries non-empty
+    backend.queries = [{}]
+
+    backend.generateAggregation(agg)
+
+    assert len(backend.queries) == 1, "backend has exactly one query"
+    assert (
+        "groupfield_count" in backend.queries[0]["aggs"]["aggs"]
+    ), "groupfield_count is the top aggregation key"
+    assert (
+        "aggfield_distinct"
+        in backend.queries[0]["aggs"]["aggs"]["groupfield_count"]["aggs"]
+    ), "aggfield_distinct is the nested aggregation key"
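Review bot: The new test_backend_elasticsearch.py never asserts on the `"script"` entry that the elasticsearch.py hunk in this same commit touches, so the condition configured on `agg` (`cond_op = "<"`, `condition = "3"`) is never checked against the generated query; the test only verifies that two aggregation keys exist. Consider adding one more assertion on the nested limit aggregation, e.g. `inner = backend.queries[0]["aggs"]["aggs"]["groupfield_count"]["aggs"]` followed by an assertion that the bucket-selector entry's `"script"` value mentions `"<"` and `"3"` — the exact key name and script format live in generateAggregation, outside this hunk, and should be taken from there. Building `agg` with `object.__new__` bypasses SigmaAggregationParser's constructor, so the test stays green even if the parser later renames or validates these attributes; a comment listing which attributes generateAggregation actually reads would make that dependency explicit.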
diff --git a/tools/tests/test_parsing.py b/tools/tests/test_parsing.py
index eeb0d7ea9..4d3d1588e 100644
--- a/tools/tests/test_parsing.py
+++ b/tools/tests/test_parsing.py
@@ -1 +1,3 @@
+
 def test_collection():
+    pass
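Review bot: `test_collection` becomes a no-op that always passes, so the parsing module shows as covered by a green test while nothing is actually exercised. Mark the placeholder so it cannot be mistaken for a real result, either with `@pytest.mark.skip(reason="TODO: parsing tests not yet written")` (requires `import pytest` at the top of the file) or at least a `# TODO: replace placeholder with a real collection-parsing test` comment above the `pass`.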