Find most frequent users on basis of captureTime

Rashmi_Nagpal · May 7, 2019, 3:35pm

I want to fire a query, which should return most frequent users data on the basis of attribute - "CaptureTime", which is an array of variable sizes[of timestamp field].
I can't perform "update by query" because of some restrictions, so, I tried to perform max using aggregation API but remained unsuccessful, also thought if I can sort in decreasing order on the "CaptureTime" array length which will help me in finding - most frequent users.
Below is the glimpse of that dataset :-

{
"_source" : {
id : "23",
captureTime :
["2019-05-03T16:17",
"2019-05-03T16:18",
"2019-05-03T16:39",
"2019-05-03T16:40"]
},
"_source" : {
"empid":"45",
"captureTime":
["2019-04-29T10:54",
"2019-04-29T10:59",
"2019-04-29T11:02",
"2019-04-29T11:23",
"2019-04-29T11:32",
"2019-04-29T11:33"]
}
}

Kindly provide me some insights.Thanks a real bunch!

polyfractal · May 10, 2019, 3:52pm

I think a date_histogram aggregation on captureTime, followed by a terms aggregation on ID would work.

That will give you a bucket per time interval (every five minutes, or whatever makes sense). Then for each bucket of time, the terms agg will give you the list of IDs that fell into that bucket.

system · June 7, 2019, 3:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.