Get earliest timestamp per day

I am trying to get the earliest (minimum) timestamp per day for a specific message and log group.

However, my output is not what I'm expecting: I only get the minimum timestamp among all timestamps and not the minimum timestamp per day. How can I get the earliest timestamp for each day?

Output:

  "aggregations" : {
    "min-timestamp" : {
      "value" : 1.561659850322E12,
      "value_as_string" : "2019-06-27T18:24:10.322Z"
    }
  }

Here is Elasticsearch query:

GET /stage-cloudwatch/_search
{
  "aggs":{
    "min-timestamp": {
      "min": {
        "field": "@timestamp"
      }
    }
  },
  "query": {
    "bool": {
      "must": [
        { 
          "match_phrase": {
            "message": "PROCESS - START - file_type:aux"
          }
        },
        {
          "match_phrase": {
            "cloudwatch_logs.log_group": "/aws/lambda/b2_raw_processor"
          }
        }
      ]
    }
  }
}

Temporary solution:

{
  "aggs":{
    "min-timestamp": {
      "min": {
        "field": "@timestamp"
      }
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "asc"
      }
    }
  ], 
  "size": 1, 
  "query": {
    "bool": {
      "must": [
        { 
          "match_phrase": {
            "message": "PROCESS - START - file_type:aux"
          }
        },
        {
          "match_phrase": {
            "cloudwatch_logs.log_group": "/aws/lambda/b2_raw_processor"
          }
        }
      ]
    }
  }
}

and in Kibana you have to change Count in Metrics to Min on the timestamp field. Then create an X-axis with a date histogram. What we basically did was find the minimum timestamp on a given day.

[Edit]:
If there is an Elasticsearch solution that can do this at once, please feel free to share.
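One way to get this in a single Elasticsearch request, added here as an example and not part of the original post: nest the `min` aggregation under a `date_histogram` on `@timestamp`, so each daily bucket carries its own earliest timestamp. The Python below builds that request body with the same message and log-group filters as the question and reads the per-day minima out of a constructed sample response; `calendar_interval` assumes Elasticsearch 7.2 or later (older releases use `interval`).

```python
import json

# Filters taken from the question's query.
MESSAGE = "PROCESS - START - file_type:aux"
LOG_GROUP = "/aws/lambda/b2_raw_processor"


def build_query(message=MESSAGE, log_group=LOG_GROUP, time_zone="UTC"):
    """Request body: one date_histogram bucket per calendar day, each with a
    min sub-aggregation on @timestamp. size 0 skips returning the hits."""
    return {
        "size": 0,
        "query": {
            "bool": {
                "must": [
                    {"match_phrase": {"message": message}},
                    {"match_phrase": {"cloudwatch_logs.log_group": log_group}},
                ]
            }
        },
        "aggs": {
            "per-day": {
                "date_histogram": {
                    "field": "@timestamp",
                    "calendar_interval": "1d",  # ES 7.2+; older releases use "interval"
                    "time_zone": time_zone,     # day boundaries follow this zone (assumed UTC)
                    "min_doc_count": 1,         # drop days with no matching events
                },
                "aggs": {"min-timestamp": {"min": {"field": "@timestamp"}}},
            }
        },
    }


def earliest_per_day(response):
    """Map each bucket's day (key_as_string) to the earliest timestamp in it."""
    buckets = response["aggregations"]["per-day"]["buckets"]
    return {b["key_as_string"]: b["min-timestamp"]["value_as_string"] for b in buckets}


# Constructed sample response in the shape Elasticsearch returns for build_query().
SAMPLE_RESPONSE = {"aggregations": {"per-day": {"buckets": [
    {"key_as_string": "2019-06-26T00:00:00.000Z", "key": 1561507200000, "doc_count": 3,
     "min-timestamp": {"value": 1561538650322.0, "value_as_string": "2019-06-26T08:44:10.322Z"}},
    {"key_as_string": "2019-06-27T00:00:00.000Z", "key": 1561593600000, "doc_count": 2,
     "min-timestamp": {"value": 1561659850322.0, "value_as_string": "2019-06-27T18:24:10.322Z"}},
]}}}

if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))  # body to POST to /stage-cloudwatch/_search
    for day, first in earliest_per_day(SAMPLE_RESPONSE).items():
        print(day[:10], first)
```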
