Aggregate based on different timerange


(Shahar Mor) #1

Hi,

I'm having trouble figuring out how to graph a complex query in Kibana.
My issue is as follows:
I have 2 servers, each has a different number of clients connected to it.
Let's assume server1 has 100 clients connected and server2 has 200 clients connected.

I want to graph the total # of clients connected to all my servers over time.
What I'm doing now is sending the # of clients connected per server to ES every second, and then when I go to Kibana I can graph the SUM of the clients number over all the documents per second.

The problem starts when I increase the time range to more than 1s: the SUM is now summing all the documents within the bigger timeframe, which is obviously not the correct number.

So if I have something like this:

08:00 - server1 - 100
08:00 - server2 - 200
08:01 - server1 - 100
08:01 - server2 - 200
08:02 - server1 - 100
08:02 - server2 - 200
08:03 - server1 - 100
08:03 - server2 - 200

If I SUM per second, I will get:

08:00 - 300
08:01 - 300
08:02 - 300
08:03 - 300

But if I SUM per 2 seconds, I will get:

08:00 - 600 // incorrect, should be 300
08:02 - 600 // incorrect, should be 300

How can I still do this?


(Mark Walkom) #2

That's 600 though because that's the sum of all the values in that 2 second bucket.
Why do you think it should be 300?


(Shahar Mor) #3

Sorry, maybe I didn't explain it well enough.

I want to know how many distinct connections I have across all the servers.
The value that each doc has (100 & 200 in the above example) is the total number of concurrent connections connected to the server.

So if I look at server1, it never had 200 concurrent connections connected to it. At most it had 100.
When I try to look at what the maximum number was, I can do it with a MAX aggregation on a per-server basis.
But if I want to combine the MAX aggregation across all servers I need to SUM, but only the MAX values per time range.

Does that make more sense?


(Mark Walkom) #4

Yeah that makes sense.
I don't think KB can do that natively to be honest, but maybe someone else has an idea.
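
The calculation described in post #3 (MAX per server inside each time bucket, then SUM of those maxima across servers), as an added example that is not part of the original thread. The sample data is constructed from the figures in post #1 with timestamps as seconds since the first sample, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample mirroring post #1: (seconds since start, server, connected clients)
SAMPLES = [
    (0, "server1", 100), (0, "server2", 200),
    (1, "server1", 100), (1, "server2", 200),
    (2, "server1", 100), (2, "server2", 200),
    (3, "server1", 100), (3, "server2", 200),
]


def naive_sum(samples, bucket_seconds):
    """SUM over every document in the bucket: the behaviour the thread complains about."""
    totals = defaultdict(int)
    for ts, _server, clients in samples:
        totals[ts - ts % bucket_seconds] += clients
    return dict(sorted(totals.items()))


def sum_of_server_max(samples, bucket_seconds):
    """Per bucket: MAX per server first, then SUM those maxima across servers."""
    peaks = defaultdict(dict)  # bucket start -> {server: highest value seen in bucket}
    for ts, server, clients in samples:
        bucket = ts - ts % bucket_seconds
        previous = peaks[bucket].get(server, clients)
        peaks[bucket][server] = max(previous, clients)
    # A server that reported nothing in a bucket contributes nothing to that bucket.
    return {b: sum(per_server.values()) for b, per_server in sorted(peaks.items())}


if __name__ == "__main__":
    for width in (1, 2):
        print(f"{width}s buckets  naive SUM: {naive_sum(SAMPLES, width)}")
        print(f"{width}s buckets  SUM of per-server MAX: {sum_of_server_max(SAMPLES, width)}")
```

In Elasticsearch itself the same shape is a date_histogram with a terms sub-aggregation on the server field and a max metric, combined by a sum_bucket pipeline aggregation.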

