Facet question histogram and group by


(mobsniuk) #1

I am trying to do a graph of CPU load recorded from a log. I'd like
hourly averages. I thought the following might work but all I get is a
single entry. I'd also like to know how I could do something like
group by. I have an IP address associated with each entry. I read that
multiple facets are allowed but haven't seen any examples so far on
how one might accomplish this.

    {
      "query": {
        "filtered": {
          "query": {
            "match_all": {}
          },
          "filter": {
            "term": {
              "@type": "devicecpustats"
            }
          }
        }
      },
      "facets": {
        "histo1": {
          "histogram": {
            "field": "cpuBusy",
            "time_interval": "1h"
          }
        }
      }
    }

Thanks,

Mark


(Jürgen kartnaller) #2

I guess you should use a date histogram based on the log timestamp.

Something like this:

    "facets": {
      "histo1": {
        "date_histogram": {
          "key_field": "ts",
          "value_field": "cpuBusy",
          "interval": "1h"
        }
      }
    }

Also note that the facet operates on the query result not on the filtered
result.

Jürgen

On Wed, Jul 13, 2011 at 6:59 AM, Mark Obsniuk mobsniuk@gmail.com wrote:


--
http://www.sfgdornbirn.at
http://www.mcb-bregenz.at
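
An added example, not part of either post: it builds the request body with the `date_histogram` facet from the reply, adds one facet per IP through `facet_filter` as one way to get the group-by asked about, and models the resulting hourly means locally on constructed sample documents. The `ip` field name, the facet names and the sample data are assumptions; `ts` and `cpuBusy` come from the thread.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

HOUR_MS = 3_600_000

def build_request(ips, ts_field="ts", value_field="cpuBusy", ip_field="ip"):
    """One date_histogram facet over all hosts plus one per IP ("group by")."""
    def histo():
        return {"date_histogram": {"key_field": ts_field,
                                   "value_field": value_field,
                                   "interval": "1h"}}
    facets = {"all_hosts": histo()}
    for ip in ips:
        facet = histo()
        # facet_filter restricts this facet only; ip_field is an assumed name
        # and must be indexed so that a term filter matches the whole address.
        facet["facet_filter"] = {"term": {ip_field: ip}}
        facets["host_" + ip] = facet
    return {
        "query": {"filtered": {"query": {"match_all": {}},
                               "filter": {"term": {"@type": "devicecpustats"}}}},
        "facets": facets,
    }

def hourly_means(docs, ts_field="ts", value_field="cpuBusy", ip_field="ip"):
    """Local model of the per-IP buckets: {(ip, hour_start_ms): mean}."""
    sums = defaultdict(lambda: [0.0, 0])
    for d in docs:
        hour = d[ts_field] - d[ts_field] % HOUR_MS  # floor to the hour (UTC)
        acc = sums[(d[ip_field], hour)]
        acc[0] += d[value_field]
        acc[1] += 1
    return {key: total / n for key, (total, n) in sums.items()}

# Constructed sample documents (epoch milliseconds, UTC).
BASE = int(datetime(2011, 7, 13, 6, 0, tzinfo=timezone.utc).timestamp() * 1000)
SAMPLE_DOCS = [
    {"ts": BASE + 5 * 60_000,  "ip": "10.0.0.1", "cpuBusy": 20},
    {"ts": BASE + 35 * 60_000, "ip": "10.0.0.1", "cpuBusy": 40},
    {"ts": BASE + 65 * 60_000, "ip": "10.0.0.1", "cpuBusy": 90},
    {"ts": BASE + 10 * 60_000, "ip": "10.0.0.2", "cpuBusy": 10},
]

if __name__ == "__main__":
    print(json.dumps(build_request(["10.0.0.1", "10.0.0.2"]), indent=2))
    for (ip, hour), mean in sorted(hourly_means(SAMPLE_DOCS).items()):
        print(ip, hour, mean)
```

Each entry of a facet in the response carries the bucket start time and statistics such as `count`, `total` and `mean`; the `mean` value is the hourly average.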

