Hi all,
I'm indexing time series documents containing a timestamp as well as an integer value which i want to have a running total for, starting from the first indexed document and adding all of the supplied values of the field over time. If i query a date range i want to have the absolute sum for values up to each document and not only to sum for the queried time range (as with the SUM or CUMSUM aggregation). Also this should adjust if documents with older timestamps get indexed later on.
So given documents like this:
{ "Timestamp": "2020-06-29T11:00:00Z", "Value": 0 },
{ "Timestamp": "2020-06-29T12:00:00Z", "Value": 25 },
{ "Timestamp": "2020-06-29T13:00:00Z", "Value": 29 },
{ "Timestamp": "2020-06-29T14:00:00Z", "Value": 399 }
I would expect results like this:
{ "Timestamp": "2020-06-29T11:00:00Z", "Value": 0, "Value_sum": 0 },
{ "Timestamp": "2020-06-29T12:00:00Z", "Value": 25, "Value_sum": 25 },
{ "Timestamp": "2020-06-29T13:00:00Z", "Value": 29, "Value_sum": 54 },
{ "Timestamp": "2020-06-29T16:00:00Z", "Value": 399, "Value_sum": 453 }
... and if i then add this document "in between" the last two...
{ "Timestamp": "2020-06-29T15:00:00Z", "Value": 23 }
... i would then expect this to return:
{ "Timestamp": "2020-06-29T15:00:00Z", "Value": 23, "Value_sum": 77 }
... and i would expect the last document to update to this:
{ "Timestamp": "2020-06-29T16:00:00Z", "Value": 399, "Value_sum": 476 }
If i query only the date range for some of the documents (e.g. filtering for "Timestamp" >= "2020-06-29T13:00:00Z" ) i would expect to get the correct "Value_sum" for each document (so 476 for the last document from the example), which as far as i'm aware is currently not possible with aggregation.
Is there any way to achieve this using Elasticsearch or is this kind of "continuous aggregation" currently not possible?
Best regards