0

I'm trying to execute some aggregate queries against data in TSI. For example:

{
    "searchSpan": {
        "from": "2018-08-25T00:00:00Z",
        "to": "2019-01-01T00:00:00Z"
    },
    "top": {
        "sort": [
            {
                "input": {
                    "builtInProperty": "$ts"
                }
            }
        ]
    },
    "aggregates": [
        {
            "dimension": {
                "uniqueValues": {
                    "input": {
                        "builtInProperty": "$esn"
                    },
                    "take": 100
                }
            },
            "measures": [
                {
                    "count": {}
                }
            ]
        }
    ]
}

The above query, however, does not return any record, although there are many events stored in TSI for that specific searchSpan. Here is the response:

{
    "warnings": [],
    "events": []
}

The query is based on the examples in the documentation which can be found here and which is actually lacking crucial information for requirements and even some examples do not work...

Any help would be appreciated. Thanks!

Vladislav
  • 2,772
  • 1
  • 23
  • 42

1 Answers1

1

@Vladislav,

I'm sorry to hear you're having issues. In reviewing your API call, I see two fixes that should help remedy this issue: 1) It looks like you're using our /events API with payload for /aggregates API. Notice the "events" in the response. Additionally, “top” will be redundant for /aggregates API as we don't support top-level limit clause for our /aggregates API. 2) We do not enforce "count" property to be present in limit clause (“take”, “top” or “sample”) and it looks like you did not specify it, so by default, the value was set to 0, that’s why the call is returning 0 events.

I would recommend that you use /aggregates API rather than /events, and that “count” is specified in the limit clause to ensure you get some data back.

Additionally, I'll note your feedback on documentation. We are ramping up a new hire on documentation now, so we hope to improve the quality soon.

I hope this helps!

Andrew

ashannon7
  • 71
  • 1
  • Thanks a lot for your input, @ashannon! It appears that my main problems was the endpoint. That explains why some examples in the documentation did not work. Apologies on my oversight. – Vladislav Oct 01 '18 at 06:59