I have a timeseries that consists of events like "user has visited page x". If I want to know the total number of visits for a page, I can use a cardinality aggregation.
However, I want to (for example) see the total views of a specific page per day over the last week. If I use a date_histogram, I get much more buckets than I need. If I, however, restrict the date range using a range filter on the query, the cumulative sum would no longer be correct (since it no longer counts the views outside of the given range).
A bucket_selector might work, but I think due to the usage of a script that isn't a good idea.
Or maybe execute a multi search with two queries: one for the buckets I want, and one for the cumulative views until the beginning of the first bucket, then adding that value to all the buckets clientside.
So: what would be the "best" way to get only buckets for the last week (in that example), without loosing the cumulative sum outside of the desired range?