Hello Community,
I am new to querying Elastic. There is a requirement: I have logs on ELK with field names request (string) and average response time (number). I want to first specify a date_range in the query and find all Mondays in this range; the expected response is then an array of request and average_response_time for each Monday (falling in the date range) from time 00:00:00.000 to 23:59:59.999. How can I proceed with this?
Welcome!
If you don't have a field like day_of_week in your dataset, you can't directly query it.
But you can do something like:
GET /bytes-discuss-02/_search
{
  "runtime_mappings": {
    "question.day_of_week": {
      "type": "keyword",
      "script": {
        "source": """
          emit(doc['question.date'].value.dayOfWeek.getDisplayName(TextStyle.FULL, Locale.ROOT));
        """
      }
    },
    "solution.day_of_week": {
      "type": "keyword",
      "script": {
        "source": """
          emit(doc['solution.date'].value.dayOfWeek.getDisplayName(TextStyle.FULL, Locale.ROOT));
        """
      }
    }
  },
  "fields": [
    "title",
    "question.author.username",
    "solution.author.username",
    "question.day_of_week",
    "solution.day_of_week"
  ],
  "query": {
    "multi_match": {
      "analyzer": "whitespace",
      "query": "Monday",
      "fields": [
        "*.day_of_week"
      ]
    }
  },
  "_source": false
}
You can see a full demo here:
The script:
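Added example, not part of the original reply: the same runtime-field approach applied to the layout described in the question, combined with a date range and a per-Monday average per request. The index name `my-logs`, the timestamp field `@timestamp`, the `request.keyword` sub-field, the numeric field `average_response_time` and the dates are assumptions; adjust them to your mapping.

```json
GET /my-logs/_search
{
  "size": 0,
  "runtime_mappings": {
    "day_of_week": {
      "type": "keyword",
      "script": {
        // Same expression as in the reply above, on the assumed @timestamp field (UTC)
        "source": "emit(doc['@timestamp'].value.dayOfWeek.getDisplayName(TextStyle.FULL, Locale.ROOT));"
      }
    }
  },
  "query": {
    "bool": {
      "filter": [
        // Constructed sample range; "lt" keeps the end exclusive
        { "range": { "@timestamp": { "gte": "2024-01-01", "lt": "2024-02-01" } } },
        { "term": { "day_of_week": "Monday" } }
      ]
    }
  },
  "aggs": {
    "per_monday": {
      // One bucket per calendar day (00:00:00.000 to 23:59:59.999 UTC); only Mondays have documents
      "date_histogram": { "field": "@timestamp", "calendar_interval": "day", "min_doc_count": 1 },
      "aggs": {
        "per_request": {
          "terms": { "field": "request.keyword", "size": 100 },
          "aggs": {
            "avg_response_time": { "avg": { "field": "average_response_time" } }
          }
        }
      }
    }
  }
}
```

Both the script and the histogram work in UTC here; if your Mondays should follow a local time zone, both need to be shifted consistently.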