Difference between two aggregations in Kibana. Error

Elastic Stack Kibana
1

Hi,

I am trying to perform simple difference between the values in two aggregations but unable to do so...

Kibana Query

{
  "_source": false,
  "query": {
    "range": {
      "timestamp": {
        "gte": "now-90m/m",
        "lte": "now"
      }
    }
  },
  "aggs": {
    "baselineCmtsCount": {
      "cardinality": {
        "field": "cmtsId"
      }
    },
    "every45min": {
      "date_histogram": {
        "field": "timestamp",
        "fixed_interval": "45m",
        "order": {
          "_key": "asc"
        }
      },
      "aggs": {
        "cmtsPer45min": {
          "cardinality": {
            "field": "cmtsId"
          }
        }
      }
    },
    "cmtsDerivative": {
      "bucket_script": {
        "buckets_path": {
          "var1": "baselineCmtsCount.value",
          "var2": "every45min.buckets.1.cmtsPer45min.value"
        },
        "script": "params.var1 - params.var2"
      }
    }
  }
}

Is bucket_script correct or what is wrong ? Please help :slight_smile:

2

Hi, Elasticsearch provides a derivative aggregation: Derivative aggregation | Elasticsearch Guide [8.11] | Elastic

Hopefully using that aggregation type will work for you :slight_smile:

-Tim

3

Hi Tim,

I believe the derivative aggregation would work within the same aggregation ? I want to perform the difference between values of two separate aggregations:

1st agg : "baselineCmtsCount"
2nd agg : "every45min"

As per my original code I tried to do this using a script and getting the below error

  {
    "type": "aggregation_execution_exception",
    "reason": "Invalid pipeline aggregation named [cmtsDerivative] of type [bucket_script]. Only sibling pipeline aggregations are allowed at the top level"
  },
4

Hi, since this is not a Kibana topic, would you mind asking in https://discuss.elastic.co/c/elastic-stack/elasticsearch/6 to talk about this issue with the Elasticsearch experts? I want to make sure you get the best help.

Thanks,
-Tim

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.