I am trying to measure the number of users into different categories based on their weekly activities by reading the events_log_index ES, this index has all the user interactions from a mobile. Therefore the user might have several records in the event index.
The intention is divided users into : very active users(those with more than 5 sessions weekly), mild(3 weekly sessions), inactive (< 3 weekly sessions). So first i want to get:
- the number of these users in each bucket, ([something similar to this ] but am not sure how to implement this or what to use exactly should i group by session_id (Aggregation with terms and cardinality deliver different results))
- extract the users who fall in each of these categories (will i need a script to get these users or i can use the aggregates inside the query ??)
can you please provide me with an example or resource that i can use.
some of the fields in the mapping include:
- sid: session_id
- uid: user_id
- location: nested object containing the users country and city
{
"properties": {
"city": {
"type": "keyword"
},
"country_long": {
"type": "keyword"
},
"country_short": {
"type": "keyword"
},
"ip": {
"type": "keyword"
},
"loc": {
"type": "geo_point"
},
"region": {
"type": "keyword"
}
}
}