hi,
lets consider we have 2 records:
{
"@timestamp": "2020-12-11T11:13:00",
"time": {
"a": 200,
"b": 2
}
}
{
"@timestamp": "2020-12-11T12:13:00",
"time": {
"a": 100,
"b": 10
}
}
I would like to get average value for "a" and "b". Following works fine:
{
"size": 0,
"aggs": {
"foo": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1d"
},
"aggs": {
"avg_a": {
"avg": {
"field": "time.a"
}
},
"avg_b": {
"avg": {
"field": "time.b"
}
}
}
}
}
}
But I dont know what fields wil available, or maybe I will have 100 of them and I just dont want to write large query. I am looking for query where I can specify that I am interested in any field from "time" e.g:
{
"size": 0,
"aggs": {
"foo": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1d"
},
"aggs": {
"all_fields": {
"avg": {
"field": "time.*"
}
}
}
}
}
}
Or maybe I could use different approach:
{
"@timestamp": "2020-12-11T11:13:00",
"time": [
{
"name": "a",
"time": 200
},
{
"name": "b",
"time": 20
}
]
}
{
"@timestamp": "2020-12-11T12:13:00",
"time": [
{
"name": "a",
"time": 100
},
{
"name": "b",
"time": 10
}
]
}
I could now group by terms
{
"size": 0,
"aggs": {
"foo": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1d"
},
"aggs": {
"avg_time": {
"terms": {
"field": "time.name.keyword"
}
}
}
}
}
}
but how to get average value from single bucket?
thanks