Average doc_count per hour?

Elastic Stack Elasticsearch
1

Is there a way I can use "avg" aggregation to return just the "average
documents" in an hour/min/date-range?

What I am trying to do is this -

I have fed the Nginx server logs to elasticsearch, now I want to know whats
the average number of responses that returned 50x, 40x and 20x per hour for
last 5 hours.
Possible to do?

I could get the "for last 5 hours" part with date_histogram, also, 50x, 40x
and 20x part was easy using aggregation buckets. But couldn't find how to
get avg of "doc_count" :frowning:

Any help would be appreciated.

Regards,
Shrinath M

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9f0d44b0-e4da-42f4-b446-d7d5a6018907%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

Hi Shrinath,

I think this could be done easily on client-side? For instance, you could
compute the total number of documents over the X past hours, and then you
would just have to divide by X to get the average per hour. Would this work
for you?

On Mon, Apr 14, 2014 at 8:41 AM, Shrinath M shrinath.m@webyog.com wrote:

Is there a way I can use "avg" aggregation to return just the "average
documents" in an hour/min/date-range?

What I am trying to do is this -

I have fed the Nginx server logs to elasticsearch, now I want to know
whats the average number of responses that returned 50x, 40x and 20x per
hour for last 5 hours.
Possible to do?

I could get the "for last 5 hours" part with date_histogram, also, 50x,
40x and 20x part was easy using aggregation buckets. But couldn't find how
to get avg of "doc_count" :frowning:

Any help would be appreciated.

Regards,
Shrinath M

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/9f0d44b0-e4da-42f4-b446-d7d5a6018907%40googlegroups.comhttps://groups.google.com/d/msgid/elasticsearch/9f0d44b0-e4da-42f4-b446-d7d5a6018907%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Adrien Grand

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j6%2BmQzDZYGoZF4HURDpaXMoJP-c0j-_Mj9epwZovo7Lgg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

3

That definitely works, but since ES is already giving all the data neatly that can be directly plotted on graph without any logic or messing with keys, I thought it would be cleaner if ES had that option.

Sent using CloudMagic

On Mon, Apr 14, 2014 at 2:35 PM, Adrien Grand <adrien.grand@elasticsearch.com> wrote:

Hi Shrinath,

I think this could be done easily on client-side? For instance, you could compute the total number of documents over the X past hours, and then you would just have to divide by X to get the average per hour. Would this work for you?

On Mon, Apr 14, 2014 at 8:41 AM, Shrinath M <shrinath.m@webyog.com> wrote:

Is there a way I can use "avg" aggregation to return just the "average documents" in an hour/min/date-range?

What I am trying to do is this -

I have fed the Nginx server logs to elasticsearch, now I want to know whats the average number of responses that returned 50x, 40x and 20x per hour for last 5 hours. Possible to do?

I could get the "for last 5 hours" part with date_histogram, also, 50x, 40x and 20x part was easy using aggregation buckets. But couldn't find how to get avg of "doc_count" :frowning:

Any help would be appreciated.

Regards, Shrinath M

--

You received this message because you are subscribed to the Google Groups "elasticsearch" group.

To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9f0d44b0-e4da-42f4-b446-d7d5a6018907%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Adrien Grand

--

You received this message because you are subscribed to a topic in the Google Groups "elasticsearch" group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/elasticsearch/DdD5cXgw1PM/unsubscribe.

To unsubscribe from this group and all its topics, send an email to elasticsearch+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j6%2BmQzDZYGoZF4HURDpaXMoJP-c0j-_Mj9epwZovo7Lgg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "elasticsearch" group.

To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/76aaed7bb8dd23662d1fdb11156b92%40ip-10-0-3-140.

For more options, visit https://groups.google.com/d/optout.