Date_histogram and day buckets

gturner · October 1, 2019, 3:55pm

Hi,

Previously on v5 when using the following query we would only be returned the buckets that are within the range specified. We need the min buckets to be able to graph correctly.

On v7.3 the same query returns a bucket for every day since 1/1/1970. I've struggled to work out how to disregard the buckets outside the range, or even why it is now doing this.

Any help/advice would be much appreciated as the docs aren't offering up any answers.

{
   "query" : {
      "bool" : {
         "filter" : [
            {
               "range" : {
                  "StartField" : {
                     "gte" : 1567292400,
                     "lte" : 1569884399,
                     "format" : "epoch_second"
                  }
               }
            }
         ]
      }
   },
   "size" : 0,
   "aggs" : {
      "accountTotals" : {
         "terms" : {
            "size" : 10,
            "field" : "account"
         },
         "aggs" : {
            "periods" : {
               "date_histogram" : {
                  "field" : "StartField",
                  "interval" : "day",
                  "format" : "dd-MM-YYYY",
                  "min_doc_count": 0,
                  "extended_bounds" : {
                     "min" : "01-09-2019",
                     "max" : "30-09-2019"
                  }
               },
               "aggs" : {
                  "Totals" : {
                     "value_count" : {
                        "field" : "messageId"
                     }
                  }
               }
            }
         }
      }
   }
}

gturner · October 4, 2019, 3:02pm

Just thought I'd also post a simpler example that shows the same issue, results all the way from 1970, outside of the bounds requested

{
   "size" : 0,
    "aggs" : {
        "by_day" : {
            "date_histogram" : {
                "field" : "StartField",
                "format" : "dd-MM-YYYY",
                "interval" : "day",
                  "extended_bounds" : {
                     "min" : "01-09-2019",
                     "max" : "30-09-2019"
                  }
            }
        }
    }
}

abdon · October 7, 2019, 11:16am

You need to provide a format with lower case ys instead of upper case Ys.

Like this:

{
  "size": 0,
  "aggs": {
    "by_day": {
      "date_histogram": {
        "field": "@timestamp",
        "format": "dd-MM-yyyy",
        "interval": "day",
        "extended_bounds": {
          "min": "01-09-2019",
          "max": "30-09-2019"
        }
      }
    }
  }
}

You can find the syntax for custom date formats in the documentation for DateTimeFormatter .

gturner · October 9, 2019, 8:54am

So simple and yet so easy to miss. Thank you kindly!

I need to dig deeper though as this worked correctly in V5

abdon · October 9, 2019, 9:10am

Elasticsearch switched date libraries from v6 to v7. Some date formats have changed as a result of that. This seems to be one of those changes, that caused your format to work in v5, but not in v7.

gturner · October 9, 2019, 9:45am

Thank you for the info

system · November 6, 2019, 9:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date_histogram returning wrong number of buckets Elasticsearch	2	358	March 18, 2020
Date_histogram buckets not as expected Elasticsearch	10	906	March 30, 2017
Date Histogram empty buckets and number of buckets Elasticsearch	5	2824	July 5, 2017
Date histogram doesn't create buckets for dates later than the last record found, even with 'extended_bounds' min value of 0. How do I fix this? Elasticsearch	4	454	November 20, 2019
Histogram Aggregation: With minimum doc count and extended bounds Elasticsearch	3	1913	July 5, 2017

Date_histogram and day buckets

Related topics