How do I query last 1 hour of data and order it based on time?

blueren · August 5, 2018, 5:50pm

Hello,

I have data in ES such as:

@timestamp --> Timestamp field
record.hostIP 
record.destIP
record.port
record.application
etc...

I would like to plot this on a graph in js and hence need time on the X axis and count of record.<> on the Y axis.

This query gets me docs sorted by timestamp vs count (of all documents).
What do I want to do if I need count of record.application in the last 1 hour, sorted by timestamp from earliest to latest?

GET _search
{
        "size": "0",
        "aggs": {
            "oneHourTimeRange": {
                "filter": {
                    "range": {
                        "@timestamp": {
                            "gte": "now-60m",
                            "lte": "now"
                        }
                    }
                },
                "aggs": {
                    "totalTraffic": {
                    "terms": {
                        "field": "@timestamp",
                        "size": 500,
                        "order": { "_key": "asc" } 
                    }
                }
            }
        }  
    }
}

blueren · August 6, 2018, 5:02pm

I would really appreciate done some helpful tips over this!

Thanks

system · September 3, 2018, 5:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ES Query to sort data on Timestamp Elasticsearch	2	7635	April 10, 2017
ES Sorting on datetimestamp Elasticsearch	2	294	November 24, 2020
Sorting by timestamp Elasticsearch	2	1317	July 5, 2017
Elasticsearch Hour data Elasticsearch	5	526	December 9, 2016
Sorting search results Elasticsearch	2	751	July 6, 2017

How do I query last 1 hour of data and order it based on time?

Related topics