I have time series data where each document kinda looks like this:
```
{
  "ID": "ABC1",
  "timestamp": "2015-01-01T12:12:12",
  "key": "myKey",
  "value": 433
}
```
I'm trying to write an aggregation to get the count of keys that appear under each ID in the first two hours using a range query.
What's the syntax for picking up the minimum timestamp?
I know something like this picks up the min but I'm not sure where to put it. Do I need a script?
```
"time_min": {
  "min": {
    "field": "timestamp"
  }
}
```
Once I get that I could use something like:
```
"range": {
  "timestamp": {
    "gte": "time_min",
    "lte": "time_min+2h/h"
  }
}
```
Thank you!
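
An added example, not part of the original post: one way to approach this is two requests, since a `range` query takes a literal date (optionally with `||` date math) rather than the name of an aggregation. The aggregation names `by_id` and `by_key`, the sample documents, keyword mappings for `ID` and `key`, and the choice of a single global minimum across all IDs are assumptions; `simulate` repeats the same two passes in memory to show the expected counts.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def min_timestamp_body():
    # Pass 1: "size": 0 returns only the aggregation result, no hits.
    return {"size": 0, "aggs": {"time_min": {"min": {"field": "timestamp"}}}}

def window_counts_body(time_min):
    # Pass 2: time_min is the date string read from the pass 1 response;
    # "<date>||+2h" is Elasticsearch date math anchored on that literal date.
    return {
        "size": 0,
        "query": {"range": {"timestamp": {"gte": time_min,
                                          "lte": f"{time_min}||+2h"}}},
        # Assumes ID and key are keyword fields (needed for terms aggs).
        "aggs": {"by_id": {"terms": {"field": "ID"},
                           "aggs": {"by_key": {"terms": {"field": "key"}}}}},
    }

def simulate(docs):
    """Run the same two passes over an in-memory list of documents."""
    stamps = [datetime.fromisoformat(d["timestamp"]) for d in docs]
    start = min(stamps)                    # pass 1: minimum timestamp
    end = start + timedelta(hours=2)       # inclusive upper bound, like "lte"
    counts = defaultdict(Counter)
    for doc, ts in zip(docs, stamps):      # pass 2: filter, then bucket
        if start <= ts <= end:
            counts[doc["ID"]][doc["key"]] += 1
    return start.isoformat(), {i: dict(c) for i, c in counts.items()}

# Constructed sample documents in the shape shown in the post.
DOCS = [
    {"ID": "ABC1", "timestamp": "2015-01-01T12:12:12", "key": "myKey", "value": 433},
    {"ID": "ABC1", "timestamp": "2015-01-01T13:00:00", "key": "myKey", "value": 10},
    {"ID": "ABC1", "timestamp": "2015-01-01T14:12:12", "key": "otherKey", "value": 5},
    {"ID": "ABC2", "timestamp": "2015-01-01T12:30:00", "key": "myKey", "value": 7},
    {"ID": "ABC2", "timestamp": "2015-01-01T15:00:00", "key": "myKey", "value": 9},
]

if __name__ == "__main__":
    time_min, per_id = simulate(DOCS)
    print(min_timestamp_body())
    print(window_counts_body(time_min))
    print(per_id)
```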