Can i use _source field inside aggregations?

Elastic Stack Elasticsearch
1

Hi,

I have documents with some many fields, i want to find the count of documents that are inserted after certain hour which can be done by using range query but among all documents fields i want only Timestamp field should be displayed .

I used the following query

 {
      "_source": [
        "fields.Timestamp"
      ],
      "aggs": {
        "last_5_mins": {
          "filter": {
            "range": {
              "fields.Timestamp": {
                "gt": "2017-02-10T10:07:04.4367673Z"
              }
            }
          }
        }
      }
    }

When i saw the output i didnt get the Timestamp for the matched documents rather i got for the documents that are not matched with my query.

MY output:

"hits": {
    "total": 6,
    "max_score": 1,
    "hits": [
      {
        "_index": "matrix",
        "_type": "neo",
        "_id": "5",
        "_score": 1,
        "_source": {
       }
      },
      {
        "_index": "matrix",
        "_type": "neo",
        "_id": "2",
        "_score": 1,
        "_source": {
          "fields": {
            "Timestamp": "2017-02-10T10:07:04.4367673Z"
          }
        }
      },
      {
        "_index": "matrix",
        "_type": "neo",
        "_id": "4",
        "_score": 1,
        "_source": {
          "fields": {
            "Timestamp": "2017-02-10T10:07:04.4836472Z"
          }
        }
      },
      {
        "_index": "matrix",
        "_type": "neo",
        "_id": "6",
        "_score": 1,
        "_source": {

        }
      },
      {
        "_index": "matrix",
        "_type": "neo",
        "_id": "1",
        "_score": 1,
        "_source": {
          "fields": {
            "Timestamp": "2017-02-10T10:07:04.4367673Z"
          }
        }
      },
      {
        "_index": "matrix",
        "_type": "neo",
        "_id": "3",
        "_score": 1,
        "_source": {
          "fields": {
            "Timestamp": "2017-02-10T10:07:12.1147415Z"
          }
        }
      }
    ]
  },
  "aggregations": {
    "last_5_mins": {
      "doc_count": 2
    }
  }
}

How can i get the timestamp for the matched documents?
Thanks..

2

I'm not sure you even need an aggregation. A regular query will also include a total (in my test document I have the attribute timestamp at the root level):

{
  "_source": [
    "timestamp"
  ],
  "query": {
    "range": {
      "timestamp": {
        "gte": "now-5m",
        "lte": "now"
      }
    }
  }
}
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.