in elasticsearch how to write Aggregations terms in order to group by time per 5 minutes

Question

some data in elasticsearch like this:

{"info":"fwefwefwef","is_fail":0,"result":404,"key":"845722d85520c91f345b08aba3233c96","duration":1,"lts_at":1479786902}

'lts_at is' timestamp, and i want to group by datas in 'floor(lts_at/300)'

{ 
"aggs": {
    "per_5minute": {
        "terms": {
            "field": "lst_at/300"
        }
    }
}

how to write the Aggregations query?

What's the result you're getting from the aggs you've mentioned above? — Kulasangar, Nov 29 '16 at 04:43

score 0 · Answer 1 · answered Nov 29 '16 at 04:52

You can try using a date_histogram aggregation with interval 5 minutes instead, like this:

{
    "aggs" : {
        "per_5minute" : {
            "date_histogram" : {
                "field" : "lst_at",
                "interval" : "5m"
            }
        }
    }
}

If you want to stick with the terms aggregation, then you need to use a script instead:

{ 
"aggs": {
    "per_5minute": {
        "terms": {
            "script": {
                "inline": "Math.floor(doc.lst_at.value / 300)"
            }
        }
    }
}

For this to work, you need to enable dynamic scripting

in elasticsearch how to write Aggregations terms in order to group by time per 5 minutes

1 Answers1