
I have to find the data of the last 10 days and then aggregate the result by grouping on one column.

Below is my code:

    function countHits() {
      client.search({
        //size:0,
        body: {
          "aggs": {
            "distinct_value": {
              "date_range": {
                "field": "@timestamp",
                "format": "dd-MM-yyyy",
                "ranges": [
                  {"to": "now/d"},
                  {"from": "now-10d/d"}
                ]
              }
            }
          },
          "aggs": {
            "distinct_value": {
              "date_histogram": {
                "field": "@timestamp",
                "interval": "day"
              }
            }
          }
        }
      }).then(function(response) {
        console.log(response);
      });
    }

The first aggregation gives two buckets, key:"-11-07-2016" and key:"01-07-2016-", and their doc_counts, and then the second aggregation aggregates on the whole result. But I want to put the second aggregation on the result I get from only key:"01-07-2016-*".

Can someone help me with this?

user3718420
  • I removed the `to` parameter and am now getting the proper result: one bucket only, which gives the result from the last 10 days. – user3718420 Jul 11 '16 at 15:00
  • Place the second aggregation over the `date_range` (inside `distinct_value`). – Josué Zatarain Jul 11 '16 at 15:42
  • That will not give the desired result - I want a group-by-day aggregation for the last 10 days. – user3718420 Jul 11 '16 at 15:55
  • You could have a range filter for your dates, and over that aggregation, do a `date_histogram`, then a `terms` aggregation with the column you want to show that has the data. Also, you could add a script to show various columns separated by a `|` symbol or something like that. – Josué Zatarain Jul 11 '16 at 16:05
  • I am getting day-wise split buckets, but I should get 10 buckets from 01-07-2016 to 11-07-2016, and I am getting them from 16-06-2016. I don't know what I am missing. – user3718420 Jul 11 '16 at 16:35
  • Did you filter your aggregation by date before the other aggregations? Remember to add the other aggregations inside the main aggregation. – Josué Zatarain Jul 11 '16 at 16:37
  • Now I have added the filter, but same result. – user3718420 Jul 11 '16 at 16:54
  • `"aggs": { "filter":{ "date_range": { "field":"@timestamp", "format":"dd-MM-yyyy", "ranges": [ {"from":"now-9d/d"} ] } } }, "aggs":{ "distinct_count": { "date_histogram":{ "field" :"@timestamp", "interval":"day" } } }` – user3718420 Jul 11 '16 at 16:54
  • Place the second aggregation right after the `}` of `filter` so that your `date_histogram` works over the filtered result. You have 2 separate aggregations instead of nested ones. – Josué Zatarain Jul 11 '16 at 18:48
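
The nesting described in the comments above, as an added example that is not part of the original thread: a `filter` aggregation restricts the documents to the date range, and the `date_histogram` and `terms` aggregations sit inside it. The aggregation names (`last_days`, `per_day`, `by_column`), the column name `status` and the sample response are assumptions made for illustration.

```javascript
// Added example, not the asker's code. "status" is a hypothetical column name.
function buildDailyGroupBody(groupField, from = "now-10d/d") {
  return {
    size: 0, // only aggregation results are needed, not the hits
    aggs: {
      last_days: {
        // filter aggregation: narrows the document set first
        filter: { range: { "@timestamp": { gte: from } } },
        aggs: {
          // nested inside the filter, so it only sees the filtered documents
          per_day: {
            // "interval" as used on the page; newer Elasticsearch versions
            // name this parameter "calendar_interval"
            date_histogram: { field: "@timestamp", interval: "day", format: "dd-MM-yyyy" },
            aggs: {
              by_column: { terms: { field: groupField } }
            }
          }
        }
      }
    }
  };
}

// Flatten the nested buckets into one row per (day, column value).
function flattenDailyGroups(response) {
  const rows = [];
  for (const day of response.aggregations.last_days.per_day.buckets) {
    for (const group of day.by_column.buckets) {
      rows.push({ day: day.key_as_string, value: group.key, count: group.doc_count });
    }
  }
  return rows;
}

// Constructed sample response, in the shape returned for the body above.
const sampleResponse = {
  aggregations: { last_days: { doc_count: 7, per_day: { buckets: [
    { key_as_string: "10-07-2016", key: 1468108800000, doc_count: 4,
      by_column: { buckets: [{ key: "200", doc_count: 3 }, { key: "404", doc_count: 1 }] } },
    { key_as_string: "11-07-2016", key: 1468195200000, doc_count: 3,
      by_column: { buckets: [{ key: "200", doc_count: 3 }] } }
  ] } } }
};

console.log(JSON.stringify(buildDailyGroupBody("status"), null, 2));
console.log(flattenDailyGroups(sampleResponse));
```

The object returned by `buildDailyGroupBody` goes in the `body` of the `client.search` call from the question, and `flattenDailyGroups` takes the response passed to `.then`.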

0 Answers