I want to visualize data stored in Elasticsearch. My visualization has a time filter and a bucket filter. Let me explain my problem using the data stored in Elasticsearch.
For example, the first item's "created" value is 02.03.2018. Because of this value, Elasticsearch defines the first bucket's time interval as 02.03.2018-05.03.2018.
However, I want the data stored in Elasticsearch to be bucketed according to my desired time frame.
That is, I want to force Elasticsearch to create buckets like 01.03.2018, 04.03.2018, 07.03.2018, etc., in increasing order.
Here is my query
GET alerts/sighting/_search
{
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"created": {
"gte": 0,
"lte": 1611859043000,
"format": "epoch_millis"
}
}
}
]
}
},
"aggs": {
"HEATMAP": {
"date_histogram": {
"field": "created",
"interval": "3D"
},
"aggs": {
"BEHAVIOUR_CHANGE": {
"terms": {
"field": "labels",
"include": "behavior-change"
},
"aggs": {
"TOTAL_ALERT_SCORE": {
"sum": {
"field": "x_nova_confidence"
}
}
}
}
}
}
}
}
Here is my result
{
"took": 10,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 3360,
"max_score": 0,
"hits": []
},
"aggregations": {
"HEATMAP": {
"buckets": [
{
"key_as_string": "2018-03-02T00:00:00.000Z",
"key": 1519948800000,
"doc_count": 729,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "behavior-change",
"doc_count": 212,
"TOTAL_ALERT_SCORE": {
"value": 0.0021199999999999735
}
}
]
}
},
{
"key_as_string": "2018-03-05T00:00:00.000Z",
"key": 1520208000000,
"doc_count": 601,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "behavior-change",
"doc_count": 78,
"TOTAL_ALERT_SCORE": {
"value": 0.0007799999999999907
}
}
]
}
},
{
"key_as_string": "2018-03-08T00:00:00.000Z",
"key": 1520467200000,
"doc_count": 433,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "behavior-change",
"doc_count": 96,
"TOTAL_ALERT_SCORE": {
"value": 0.0009599999999999886
}
}
]
}
},
{
"key_as_string": "2018-03-11T00:00:00.000Z",
"key": 1520726400000,
"doc_count": 0,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
},
{
"key_as_string": "2018-03-14T00:00:00.000Z",
"key": 1520985600000,
"doc_count": 0,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
},
{
"key_as_string": "2018-03-17T00:00:00.000Z",
"key": 1521244800000,
"doc_count": 0,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
},
{
"key_as_string": "2018-03-20T00:00:00.000Z",
"key": 1521504000000,
"doc_count": 0,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
},
{
"key_as_string": "2018-03-23T00:00:00.000Z",
"key": 1521763200000,
"doc_count": 0,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
},
{
"key_as_string": "2018-03-26T00:00:00.000Z",
"key": 1522022400000,
"doc_count": 365,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
},
{
"key_as_string": "2018-03-29T00:00:00.000Z",
"key": 1522281600000,
"doc_count": 0,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
},
{
"key_as_string": "2018-04-01T00:00:00.000Z",
"key": 1522540800000,
"doc_count": 0,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
},
{
"key_as_string": "2018-04-04T00:00:00.000Z",
"key": 1522800000000,
"doc_count": 3,
"BEHAVIOUR_CHANGE": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": []
}
}
]
}
}
}