I have an ES query that search for 2 set of strings and calculating percentage based on the results of the match. This is expected to have work on fixed_interval [5 min]on date histogram. But when I am getting the result but I see two 5 min interval where it should be last 5 mins. Can you please help me here to get fixed interval of 5min .
GET index_*/_search
{
"query": {
"bool": {
"must": [
{
"query_string": {
"fields": [
"message"
],
"query": """
("::search result found." OR "::search result not found.")
"""
}
},
{
"range": {
"@timestamp": {
"gte": "now-5m",
"lte": "now"
}
}
}
]
}
},
"aggs": {
"latest": {
"date_histogram": {
"field": "@timestamp",
"fixed_interval": "5m"
},
"aggs": {
"calculation": {
"filters": {
"filters": {
"total": {
"match_phrase": {
"message": """
"::search result found."
"""}
}
}
}
},
"calculation1": {
"filters": {
"filters": {
"fail": {
"match_phrase": {
"message": """
"::search result not found."
"""
}
}
}
}
},
"total": {
"sum_bucket": {
"buckets_path": "calculation>_count"
}
},
"fail": {
"sum_bucket": {
"buckets_path": "calculation1>_count"
}
},
"percentage": {
"bucket_script": {
"buckets_path": {
"totals": "total",
"fails": "fail"
},
"script": "params.fails / params.totals*100"
}
}
}
}
}
}
Result
"aggregations" : {
"latest" : {
"buckets" : [
{
"key_as_string" : "2022-09-20T08:00:00.000Z",
"key" : 1663660800000,
"doc_count" : 4,
"calculation" : {
"buckets" : {
"total" : {
"doc_count" : 4
}
}
},
"calculation1" : {
"buckets" : {
"fail" : {
"doc_count" : 0
}
}
},
"total" : {
"value" : 4.0
},
"fail" : {
"value" : 0.0
},
"percentage" : {
"value" : 0.0
}
},
{
"key_as_string" : "2022-09-20T08:05:00.000Z",
"key" : 1663662600000,
"doc_count" : 1,
"calculation" : {
"buckets" : {
"total" : {
"doc_count" : 1
}
}
},
"calculation1" : {
"buckets" : {
"fail" : {
"doc_count" : 0
}
}
},
"total" : {
"value" : 1.0
},
"fail" : {
"value" : 0.0
},
"percentage" : {
"value" : 0.0
}
}
]
}
}
}
Expected Result
"aggregations" : {
"latest" : {
"buckets" : [
{
"key_as_string" : "2022-09-20T08:00:00.000Z",
"key" : 1663660800000,
"doc_count" : 4,
"calculation" : {
"buckets" : {
"total" : {
"doc_count" : 4
}
}
},
"calculation1" : {
"buckets" : {
"fail" : {
"doc_count" : 0
}
}
},
"total" : {
"value" : 4.0
},
"fail" : {
"value" : 0.0
},
"percentage" : {
"value" : 0.0
}
}
]
}
}
}