Aggregation: Difference of Two Date Fields to Aggregate Timedeltas

Elastic Stack Elasticsearch
1

  1. I have two date fields in my index (e.g., start_time and end_time). How can I build a histogram that aggregates the difference, e.g., end_time - start_time to find a total time? I could reindex everything, calculate the differences, store it separately, and run the aggregation on the stored field, but is there any way to do this at query time?

  2. I want to do it at query time, because I have more than 2 date fields, I have several dozen. To precalculate every combination would require O([number of dates]^2) to be saved in each document. I took a look at bucket_script pipeline aggregations, will they do the trick?

  3. Final question part: The dates are stored in nested documents, my mapping looks like this:

/index-name/_mapping?pretty
{
  "index-name" : { "mappings" : {
      "doc-type" : {
        "properties" : {
          "event_field" : {
            "type" : "nested",
            "properties" : {
              "date" : { "type" : "date" },
              "type" : { "type" : "keyword" }
            }
          }
        }
      }
    } }
}

What I would really like to do is aggregate on the difference of the dates in a nested field with type property X with the date of a nested field with type property Y. Am I asking too much? Thanks.

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.