Getting two intervals in the result for fixed_interval

I have an ES query that search for 2 set of strings and calculating percentage based on the results of the match. This is expected to have work on fixed_interval [5 min]on date histogram. But when I am getting the result but I see two 5 min interval where it should be last 5 mins. Can you please help me here to get fixed interval of 5min .

GET index_*/_search
 {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "fields": [
                      "message"
                    ],
                    "query": """
                    ("::search result found." OR "::search result not found.")
                    """
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-5m",
                      "lte": "now"
                    }
                  }
                }
              ]
            }
          },
          "aggs": {
            "latest": {
              "date_histogram": {
                "field": "@timestamp",
                "fixed_interval": "5m"
              },
              "aggs": {
                "calculation": {
                  "filters": {
                    "filters": {
                      "total": {
                        "match_phrase": {
                          "message": """
                            "::search result found." 
                            """}
                      }
                    }
                  }
                },
                "calculation1": {
                  "filters": {
                    "filters": {
                      "fail": {
                        "match_phrase": {
                          "message": """
                                "::search result not found." 
                                """
                        }
                      }
                    }
                  }
                },
                "total": {
                  "sum_bucket": {
                    "buckets_path": "calculation>_count"
                  }
                },
                "fail": {
                  "sum_bucket": {
                    "buckets_path": "calculation1>_count"
                  }
                },
                "percentage": {
                  "bucket_script": {
                    "buckets_path": {
                      "totals": "total",
                      "fails": "fail"
                    },
                    "script": "params.fails / params.totals*100"
                  }
                }
              }
            }
          }
 }

Result

  "aggregations" : {
    "latest" : {
      "buckets" : [
        {
          "key_as_string" : "2022-09-20T08:00:00.000Z",
          "key" : 1663660800000,
          "doc_count" : 4,
          "calculation" : {
            "buckets" : {
              "total" : {
                "doc_count" : 4
              }
            }
          },
          "calculation1" : {
            "buckets" : {
              "fail" : {
                "doc_count" : 0
              }
            }
          },
          "total" : {
            "value" : 4.0
          },
          "fail" : {
            "value" : 0.0
          },
          "percentage" : {
            "value" : 0.0
          }
        },
        {
          "key_as_string" : "2022-09-20T08:05:00.000Z",
          "key" : 1663662600000,
          "doc_count" : 1,
          "calculation" : {
            "buckets" : {
              "total" : {
                "doc_count" : 1
              }
            }
          },
          "calculation1" : {
            "buckets" : {
              "fail" : {
                "doc_count" : 0
              }
            }
          },
          "total" : {
            "value" : 1.0
          },
          "fail" : {
            "value" : 0.0
          },
          "percentage" : {
            "value" : 0.0
          }
        }
      ]
    }
  }
}

Expected Result

  "aggregations" : {
    "latest" : {
      "buckets" : [
        {
          "key_as_string" : "2022-09-20T08:00:00.000Z",
          "key" : 1663660800000,
          "doc_count" : 4,
          "calculation" : {
            "buckets" : {
              "total" : {
                "doc_count" : 4
              }
            }
          },
          "calculation1" : {
            "buckets" : {
              "fail" : {
                "doc_count" : 0
              }
            }
          },
          "total" : {
            "value" : 4.0
          },
          "fail" : {
            "value" : 0.0
          },
          "percentage" : {
            "value" : 0.0
          }
        }
      ]
    }
  }
}

Welcome to our community! :smiley:

Just to be clear, are you referring to the difference between these two?

Yes. If you can see in my query I have a fixed interval of 5 mins. But I see two intervals

"key_as_string" : "2022-09-20T08:00:00.000Z",
"key_as_string" : "2022-09-20T08:05:00.000Z",

The date histogram aligns buckets based on 5 minute intervals since epoch and since your now is not exactly such a timestamp your date histogram straddles two buckets.

Can you suggest me how can I get last 5 minuets with range query to make sure date histogram doesn't straddles two buckets.

If you are querying an interval of 5 minutes and want all a single interval, why use a date histogram at all?

Without data histogram , we are not able to perform aggregation. Followed this Pipeline aggregations | Elasticsearch Guide [8.4] | Elastic

{
  "error" : {
    "root_cause" : [
      {
        "type" : "parsing_exception",
        "reason" : "Unknown aggregation type [calculation]",
        "line" : 27,
        "col" : 32
      }
    ],
    "type" : "parsing_exception",
    "reason" : "Unknown aggregation type [calculation]",
    "line" : 27,
    "col" : 32,
    "caused_by" : {
      "type" : "named_object_not_found_exception",
      "reason" : "[27:32] unknown field [calculation]"
    }
  },
  "status" : 400
}

@Christian_Dahlqvist Any suggestions??

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.