
I'm new to the ELK Stack. I'm working on a Kibana dashboard to find the delta (difference) between each day's count and the previous day's count, so that we can see how much sales increased on each day compared to the previous day.

For reference, my present dashboard: I wrote a query to find the count for each date, with the buckets aggregated by version number.

My query:

{
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "install_date",
        "interval": "1d",
        "time_zone": "America/New_York",
        "min_doc_count": 1
      },
      "aggs": {
        "3": {
          "terms": {
            "field": "version.keyword",
            "size": 50,
            "order": {
              "_key": "desc"
            },
            "script": "( _value.indexOf('-') > 0 ? _value.substring(0, _value.indexOf('-')+2) : _value )"
          },
          "aggs": {
            "1": {
              "sum_bucket": {
                "buckets_path": "1-bucket>_count"
              }
            },
            "1-bucket": {
              "date_histogram": {
                "field": "install_date",
                "interval": "1d",
                "time_zone": "America/New_York",
                "min_doc_count": 1
              }
            }
          }
        }
      }
    }
  },
  "size": 0,
  "_source": {
    "excludes": []
  },
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "deploy_date_asset_tag",
      "format": "date_time"
    },
    {
      "field": "deploy_date_localtime",
      "format": "date_time"
    },
    {
      "field": "install_date",
      "format": "date_time"
    },
    {
      "field": "timestamp",
      "format": "date_time"
    },
    {
      "field": "ui_legacy_access",
      "format": "date_time"
    },
    {
      "field": "ui_satori_access",
      "format": "date_time"
    }
  ],
  "query": {
    "bool": {
      "must": [
        {
          "match_all": {}
        },
        {
          "match_all": {}
        },
        {
          "range": {
            "timestamp": {
              "gte": 1408458089497,
              "lte": 1566224489497,
              "format": "epoch_millis"
            }
          }
        }
      ],
      "filter": [],
      "should": [],
      "must_not": []
    }
  }
}
  • For an explanation of asking a better question: https://stackoverflow.com/help/minimal-reproducible-example – Stephopolis Aug 19 '19 at 14:35
  • Maybe you are looking for this: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-pipeline-serialdiff-aggregation.html — next time, please spend some time researching first and let us know what you've already tried. – Akash Aug 19 '19 at 18:33



Thanks for the replies. The question is solved! I had to use the Serial Differencing Aggregation on the date_histogram.