Date Histogram based on aggregate total values

Hello,

I have an index that contains documents such as the following:

{
  "event" : "pageView",
  "owner" : "5dbec3a4-55bf-4c83-912e-6ddb56623bc4",
  "session" : "c17b4d6c-dfea-4ecb-8c6f-7401f8f8595a",
  "createdAt" : "2019-07-15T17:03:34Z"
}

I am looking to group information by each unique session UUID and after that group them into a Date Histogram per 24h.

The following query does seem to retrieve what I am looking for:

GET events/_search?size=0&filter_path=aggregations.sessions_over_time.buckets
{
  "query": {
    "bool": {
      "filter": [{
        "term": {
          "owner.keyword": "5dbec3a4-55bf-4c83-912e-6ddb56623bc4"
        }
      }]
    }
  },
  "aggs": {
    "sessions_over_time": {
      "date_histogram": {
        "field": "createdAt",
        "interval": "24h",
        "format": "yyyy-MM-dd"
      },
      "aggs": {
        "unique_sessions": {
          "terms": {
            "field": "session.keyword"
          }
        },
        "total_sessions": {
          "sum_bucket": {
            "buckets_path": "unique_sessions>_count"
          }
        }
      }
    }
  }
}

However:

  1. How can I retrieve only the date intervals from histogram+total_sessions and not the unique sessions in the answer? Of course I need unique_sessions to be present to be able to calculate the total_sessions, but I don't need it at all in the response.

  2. I should specify a size in the unique_sessions term agg, otherwise a default size of 10 will be used and will limit the veracity of the data, is that right? I have read that composite aggregation might help in this case, as it gets the entire data, being able to scroll efficiently. How could I use such an agg here?

Thanks!

EDIT:

  1. Meanwhile, I figured out I could just use this filter_path, and that would clean up a lot of the response for me:

    GET analytics/_search?size=0&filter_path=aggregations.sessions_over_time.buckets.key_as_string,aggregations.sessions_over_time.buckets.total_sessions
    

If there is any other neat way to do it that would involve less processing somehow, let me know.

The 2) point still needs some clarification however.
