Aggregation on `doc_count` of previous Aggregation

hoalongrbvn · January 17, 2017, 10:22am

Hello,

My system log all login action of users to ES, and I want to know how frequency they are login.
Data structure is simple, each time one user logged in, userId and currentTime are saved, one document for one login. Eg:

{ userId: 1, currentTime: "2017-01-01T00:00:00.000Z" },
{ userId: 3, currentTime: "2017-01-01T01:01:15.000Z" },
{ userId: 4, currentTime: "2017-01-01T04:01:18.000Z" },
{ userId: 5, currentTime: "2017-01-01T08:04:25.000Z" },
{ userId: 4, currentTime: "2017-01-02T02:03:47.000Z" },
{ userId: 1, currentTime: "2017-01-02T09:07:12.000Z" },
{ userId: 4, currentTime: "2017-01-03T11:31:12.000Z" }

From 2017-01-01 to 2017-01-03:

There are 2 users login one time: userId 3 and 5
There is 1 user login two times: userId 1
There is 1 user login three times: userId 4
...

The final result I want is something like:

{
  "1": 2, /* 1 time */
  "2_3": 2 /* 2 to 3 times */,
  "4_*": 0 /* More than 4 times */
}

I would greatly appreciate if somebody can help. Thank you.

colings86 · January 17, 2017, 10:53am

This isn't currently possible in aggregations, we do have an issue open for adding this kind of aggregation to pivot on the results of other aggregations: https://github.com/elastic/elasticsearch/issues/17590

system · February 14, 2017, 10:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.