Hi all,
I am relatively new to Elasticsearch and am trying to write a script that is supposed to compare two different aggregations.
For example, I have 2 sum aggregations of the same field, but calculated at 2 different time intervals, as shown below.
2xxCount = {
    "_source": {
        "includes": [ "indexname", "tags" ]
    },
    "query": {
        "bool": {
            "must": [
                { "match": { "tags": "sample_tag" } },
                { "range": { "logdate": { "gte": "now-1d/d", "lte": "now" } } }
            ]
        }
    },
    "size": 0,
    "aggs": {
        "total_2xx_count_today": { "sum": { "field": "2xx_count" } }
    }
}
2xxLast2Days = {
    "_source": {
        "includes": [ "indexname", "tags" ]
    },
    "query": {
        "bool": {
            "must": [
                { "match": { "tags": "sample_tag" } },
                { "range": { "logdate": { "gte": "now-2d/d", "lte": "now" } } }
            ]
        }
    },
    "size": 0,
    "aggs": {
        "total_2xx_count_yesterday": { "sum": { "field": "2xx_count" } }
    }
}
Note that these aggregations are in 2 different bodies (2xxCount and 2xxLast2Days).
This returns the 2xx count calculated during those 2 time intervals. Is there any way I can compare the result of these 2 aggregations? Ideally, what I am trying to do is check whether the count is increasing on specific days compared to other days.
Any help is appreciated!
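One way to do the comparison the post asks about, as an added example that is not the poster's code: put both time windows into a single request with a `date_range` bucket aggregation and a `sum` sub-aggregation, then compare the bucket values client-side. It assumes the field names from the question (`logdate`, `tags`, `2xx_count`); the response used here is a constructed sample so the comparison runs offline.

```python
import json

# Two adjacent day windows in Elasticsearch date math (field names assumed from the question).
WINDOWS = {
    "yesterday": ("now-1d/d", "now/d"),
    "today": ("now/d", "now"),
}


def build_query(tag: str) -> dict:
    """One request: filter on the tag, bucket by window, sum 2xx_count inside each bucket."""
    ranges = [{"key": k, "from": f, "to": t} for k, (f, t) in WINDOWS.items()]
    return {
        "size": 0,
        "query": {"bool": {"filter": [{"match": {"tags": tag}}]}},
        "aggs": {
            "by_window": {
                "date_range": {"field": "logdate", "keyed": True, "ranges": ranges},
                "aggs": {"total_2xx": {"sum": {"field": "2xx_count"}}},
            }
        },
    }


def compare_windows(response: dict, baseline: str, current: str, threshold: float = 1.5) -> dict:
    """Sums for both windows, the current/baseline ratio, and whether it reached the threshold."""
    buckets = response["aggregations"]["by_window"]["buckets"]
    base = buckets[baseline]["total_2xx"]["value"]
    cur = buckets[current]["total_2xx"]["value"]
    # A zero baseline cannot be divided; any current traffic then counts as an increase.
    ratio = float("inf") if base == 0 else cur / base
    return {"baseline": base, "current": cur, "ratio": ratio, "increase": ratio >= threshold}


# Constructed sample response, in the shape Elasticsearch returns for keyed date_range buckets.
SAMPLE_RESPONSE = {
    "aggregations": {
        "by_window": {
            "buckets": {
                "yesterday": {"doc_count": 24, "total_2xx": {"value": 1200.0}},
                "today": {"doc_count": 9, "total_2xx": {"value": 2100.0}},
            }
        }
    }
}

if __name__ == "__main__":
    print(json.dumps(build_query("sample_tag"), indent=2))
    print(compare_windows(SAMPLE_RESPONSE, "yesterday", "today"))
```

Because both sums come back in one response, the comparison no longer depends on two requests being issued at exactly the same "now", which matters when the windows are anchored to the current time.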