Hi everybody,
I try to write a query that return the number of documents gathered by day.
My timestamp field is like :
2018-11-22T08:52:53.933Z
I try this query :
{
"size": 0,
"sort": {
"@timestamp": "desc"
},
"aggs": {
"group_by_index": {
"terms": {
"field": "@timestamp",
"format": "yyy-MM-d",
"size": 10000
}
}
}
}
And the result is :
.....
"aggregations": {
"group_by_index": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": 1542876773933,
"key_as_string": "2018-11-22",
"doc_count": 34
},
{
"key": 1542622429233,
"key_as_string": "2018-11-19",
"doc_count": 28
},
{
"key": 1542970886679,
"key_as_string": "2018-11-23",
"doc_count": 16
},
{
"key": 1542622429214,
"key_as_string": "2018-11-19",
"doc_count": 14
},
{
"key": 1542643132128,
"key_as_string": "2018-11-19",
"doc_count": 14
},
.....
My expected result is :
....
{
"key": 1542970886679,
"key_as_string": "2018-11-23",
"doc_count": 23
},
{
"key": 1542970886679,
"key_as_string": "2018-11-22",
"doc_count": 42
},
{
"key": 1542970886679,
"key_as_string": "2018-11-21",
"doc_count": 36
},
....
So i have 2 questions :
- how to do to have the expected result ?
- Why the sort desc clause seems to not work ?
Thanks a lot for your help.
BR