Hi,
I have a requirement to get the maximum count value, along with its date, within the last 7 days.
Below is my Kibana visualization setting.
Here I need to get the max count value along with its date. Looking forward to suggestions.
My corresponding ES query:
```{
"query": {
"filtered": {
"query": {
"query_string": {
"analyze_wildcard": true,
"lowercase_expanded_terms": false,
"query": ""
}
},
"filter": {
"bool": {
"must": [
{
"query": {
"query_string": {
"query": "*",
"analyze_wildcard": true,
"lowercase_expanded_terms": false
}
}
},
{
"range": {
"@timestamp": {
"gte": 1679843225961,
"lte": 1680448025961,
"format": "epoch_millis"
}
}
}
],
"must_not": []
}
}
}
},
"size": 0,
"aggs": {
"7": {
"date_histogram": {
"field": "@indexer.timestamp",
"interval": "1d",
"time_zone": "EST5EDT",
"min_doc_count": 1,
"extended_bounds": {
"min": 1679843225960,
"max": 1680448025960
}
}
}
}
}```
Corresponding response:
```{
"took": 7270,
"timed_out": false,
"_shards": {
"total": 2244,
"successful": 2244,
"failed": 0
},
"hits": {
"total": 1849010,
"max_score": 0.0,
"hits": []
},
"aggregations": {
"8": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "test",
"doc_count": 1849010,
"9": {
"buckets": [
{
"key_as_string": "2023-03-26T00:00:00.000-04:00",
"key": 1679803200000,
"doc_count": 19593
},
{
"key_as_string": "2023-03-27T00:00:00.000-04:00",
"key": 1679889600000,
"doc_count": 395447
},
{
"key_as_string": "2023-03-28T00:00:00.000-04:00",
"key": 1679976000000,
"doc_count": 382152
},
{
"key_as_string": "2023-03-29T00:00:00.000-04:00",
"key": 1680062400000,
"doc_count": 365295
},
{
"key_as_string": "2023-03-30T00:00:00.000-04:00",
"key": 1680148800000,
"doc_count": 356298
},
{
"key_as_string": "2023-03-31T00:00:00.000-04:00",
"key": 1680235200000,
"doc_count": 301580
},
{
"key_as_string": "2023-04-01T00:00:00.000-04:00",
"key": 1680321600000,
"doc_count": 25083
},
{
"key_as_string": "2023-04-02T00:00:00.000-04:00",
"key": 1680408000000,
"doc_count": 3562
}
]
}
}
]
}
}
}```