I am writing an elastic search query to get the unique users in two different time periods. And also the total users. This is to identify unique users to the website for today.
What I am planning todo is calculate total users and users until yesterday and then subtract (total_users - users_until_yesterday) to get the unique users for today.
users_until_yesterday is the first bucket in before_and_after_today aggregation.
When I run this query, I get the value of users_until_yesterday more than total_users. I don't know the reason
Thanks in advance for your help.
{
"size": 0,
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{"range": {"timestamp": {"gte": "0", "lte": "now"}}}
]
}
}
}
},
"aggs": {
"before_and_after_today": {
"date_range": {"field": "timestamp", "ranges":[{"to": "now-1d"}, {"from": "now-1d"}]},
"aggs": {"time_period_unique_users": {"cardinality": {"field": "userId"}}}
},
"total_users": {
"cardinality": {"field": "userId"}
}
}
}
Update: I got it working for now by using precision_threshold as a very high value. I think it will be a problem once my values cross 40,000 since 40,000 is maximum value for precision_threshold.
