A problem when I search data from "now-24h" to "now"

Hey, I'm trying to search some data from ES. Here's my curl command from Kibana:

GET filebeat*/_search?size=0
{
  "query": {
    "bool": {
      "filter": {
        "range": {
          "@timestamp": {
            "gte": "now-24h",
            "lte": "now"
          }
        }
      }
    }
  },
  "aggs": {
    "peers_per_hour": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "hour",
        "format": "yyyy-MM-dd:HH:mm",
        "min_doc_count": 0
      },
      "aggs": {
        "peers": {
          "avg": {
            "field": "peers"
          }
        }
      }
    }
  }
}

And here's what I got:

"aggregations": {
  "peers_per_hour": {
    "buckets": [
      {
        "key_as_string": "2018-06-21:07:00",
        "key": 1529564400000,
        "doc_count": 20,
        "peers": {
          "value": 216.85
        }
      },
      {
        "key_as_string": "2018-06-21:08:00",
        "key": 1529568000000,
        "doc_count": 22,
        "peers": {
          "value": 216.85
        }
      },
      {
        "key_as_string": "2018-06-21:09:00",
        "key": 1529571600000,
        "doc_count": 21,
        "peers": {
          "value": 49.9
        }
      },
      {
        "key_as_string": "2018-06-21:10:00",
        "key": 1529575200000,
        "doc_count": 45,
        "peers": {
          "value": 209.20454545454547
        }
      },
      {
        "key_as_string": "2018-06-21:11:00",
        "key": 1529578800000,
        "doc_count": 43,
        "peers": {
          "value": 215.71428571428572
        }
      }
    ]
  }
}

I want the last 24 hours of data, but ES only returns 5 buckets. Is anything wrong with my command?
Thanks!

Don't use hour as the aggregation interval if you want larger buckets (e.g. days) in the aggregation.
