About bucket aggregation

med_barka · April 3, 2019, 12:03pm

hello, i want to bucket my documents according to a change of a field
e.g : i have 3 fields : timestamp, name, switch (boolean field that i want to change bucket accordingly to it) and data :
2019-02-08T07:06:01.106Z |name1 |0
2019-02-08T08:06:01.106Z| name2 | 0
2019-02-08T09:06:01.106Z| name3| 1
2019-02-08T10:06:01.106Z| name4| 0
2019-02-08T10:06:01.106Z| name5| 0

So the results would be 3 bucket :
bucket1 having docs(name1,name2),
bucket 2 having docs(name3),
bucket 3 having docs(name4,name5)
Can this be done ?
Thanks.

med_barka · April 4, 2019, 4:07pm

any idea please? i tried this one but it gives only two bucket with 0 and 1

GET idx_name/_search
{
  "size": 0, 
    "query": {
      "bool": {
        "filter": {
          "term": { "allData.uid" : "12121" } }
        }}
    ,"sort": { "@timestamp": {"order": "asc" }}
     ,"aggs": {
           "switch":
                {"terms": {"field": "allData.switch"}}
           }
}

system · May 2, 2019, 4:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.