Count values within an element created today

Hi all,

I'm trying to create a query to retrieve a list of elements that indicates the number of appearances for the current day.
For example, I have logs with a logLevel that could be ERROR, INFO, WARN, ...

So far I have this, but what I'm not able to do is display just the ones from the current day

	"aggs": {
		"count" : {
			"terms" : {
				"field" : "logLevel.keyword"
			}
		}
	}

Result from the query above

  ...  },
  "aggregations" : {
    "count" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "INFO",
          "doc_count" : 311355
        },
        {
          "key" : "WARN",
          "doc_count" : 26441
        },
        {
          "key" : "ERROR",
          "doc_count" : 15065
        }
      ]
    }
  }
}

How can I filter the query in order to get just the number of records generated during the current day?

Thanks in advance

You should use a range filter; here is a sample (you will have to adapt it to your needs; this one will filter on documents created in the last 7 days)

"filter": [{
    "range" : {
        "@timestamp" : {
            "gte":  "now-7d/d",
            "lte": "now/d"
        }
    }
}]

I'm a bit clumsy; would it be possible to show me the correct way to add the filter?
I'm trying several possibilities with no luck.

I'm trying this query, but somehow it is not returning values and I can't find the reason

POST _search?size=0
{
  "aggs": {
    "docs": {
      "filter": {
        "range": {
          "eventTimestamp" : {
              "lt" : "2019-10-29 00:00:00",
              "gte" :  "2019-10-29 23:59:59"
          }
        }
      },
      "aggs": {
        "count": {
          "terms": {
            "field": "logLevel.keyword"
          }
        }
      }
    }
  }
}
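
An added example, not part of the original thread: it builds a search body that combines the range filter from the reply with the terms aggregation for the current day, and flags any range clause whose lower bound is later than its upper bound, using the query from the last post as input. The function names are hypothetical, the field names are taken from the thread, and the timestamp format is assumed to be the one the last post uses.

```python
import json
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"  # assumed: the timestamp format used in the thread's query

def today_counts_query(level_field="logLevel.keyword", ts_field="eventTimestamp"):
    """Count documents per log level, restricted to the current day."""
    return {
        "size": 0,
        # gte now/d rounds down to the start of today, lte now/d rounds up to its end
        "query": {"bool": {"filter": [
            {"range": {ts_field: {"gte": "now/d", "lte": "now/d"}}}]}},
        "aggs": {"count": {"terms": {"field": level_field}}},
    }

def _parse(value):
    try:
        return datetime.strptime(value, FMT)
    except (TypeError, ValueError):
        return None  # date math ("now/d") or another format: not checked here

def empty_ranges(node, path=""):
    """Paths of range clauses whose lower bound is later than the upper bound."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "range" and isinstance(value, dict):
                for field, bounds in value.items():
                    if not isinstance(bounds, dict):
                        continue  # e.g. a range aggregation, not a range query
                    lo = _parse(bounds.get("gte", bounds.get("gt")))
                    hi = _parse(bounds.get("lt", bounds.get("lte")))
                    if lo and hi and lo > hi:
                        hits.append(f"{here}.{field}")
            hits += empty_ranges(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits += empty_ranges(item, f"{path}[{i}]")
    return hits

# The query from the last post in the thread, as a Python dict
THREAD_QUERY = {"aggs": {"docs": {
    "filter": {"range": {"eventTimestamp": {
        "lt": "2019-10-29 00:00:00", "gte": "2019-10-29 23:59:59"}}},
    "aggs": {"count": {"terms": {"field": "logLevel.keyword"}}}}}}

if __name__ == "__main__":
    print(json.dumps(today_counts_query(), indent=2))  # body for POST _search
    print("ranges that cannot match:", empty_ranges(THREAD_QUERY))
```

Date math such as `now/d` rounds on UTC day boundaries unless the range clause sets `time_zone`.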
