Hi
I'm trying to extract every hour the amount of unique users who logged in the past 24 hours. For this I use the cardinality aggregation with a range on the time. I use ELK 6.3.
GET logins/_search
{
"_source": "user_id",
"query": {
"range": {
"time": {
"gte": 1537016400.0,
"lt": 1537102800.0
}
}
},
"aggs": {
"unique_users": {
"cardinality": {
"field": "user_id"
}
}
}
}
This yields me the same result every time, when I raise the precision threshold I get the same result still (254202 unique users).
However, when I execute this query using the Python API (Python 3.6), I get three different results (254202, 202847, 209580 unique users). These values alternate consistently. The correct value is among them, but I need to know which one it is of course. Am I missing something? An extra option in Python? Raising the precision threshold in Python did not help.
Any help is much appreciated.