Are cumulative sums approximate?

WoJ · November 16, 2016, 7:43am

Hello,

I calculate a cumulative sum via cumulative_sum:

{
   "size":0,
   "aggs":{
      "vulns_day":{
         "date_histogram":{
            "field":"HOST_START_iso",
            "interval":"day"
         },
         "aggs":{
            "dates_stats":{
               "stats":{
                  "field":"HOST_START_iso"
               }
            },
            "vulns_cumulated":{
               "cumulative_sum":{
                  "buckets_path":"dates_stats.count"
               }
            }
         }
      }
   }
}

During the last days there were no new events indexed and despite this the cumulative sum shows progress. As an example (to highlight the scale of the change) on day n there were 2,406,013 accumulated events and on n+1 - 2,411,455. This is a change of 5,442 events (where the change was supposed to be 0), or about 0.2%.

I have seen in the past that some of the information provided by ES was not exact by design, I wonder if this would not be such a case as well?

(initially asked on SO)

Thank you!

system · December 14, 2016, 7:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Curious if theres a way to do Cumulative Sum on non Date/Historgram Aggregations Elasticsearch	1	286	March 19, 2019
Is it possible to cumulative_sum over the metric of a moving interval? Elasticsearch	2	206	October 5, 2021
How can I get a date histogram cumulative cardinality? Elasticsearch	2	1976	July 5, 2017
Cumulative Sum Regardless of Time Interval - ES Elasticsearch	5	1669	June 24, 2019
How to use cummulative sum correctly for a machine learning job? Elasticsearch elastic-stack-machine-learning	12	382	March 21, 2024

Are cumulative sums approximate?

Related topics