I have recently started to look at Elasticsearch to answer my analytics
questions. I am fairly new to ES queries, so please excuse me if this is an
obvious question.
I have session data with events like the JSON below. The number of events and
their order can vary in each document. I would like to GET all sessions with a
specific sequence of events. For the example below, the sequence of events is
represented like "ABC". This document would be matched by any regular
expression query like *, A, BC, ABC... Non-matching queries for the
data below: D, AC, AC...
How do I represent the Sequence property below so that it is indexed properly for
the search? Or am I thinking about this data representation totally wrong?
How do I build a query in ES for this?
One more question, related to Kibana, about visualizing this data.
For a query that matches the sequence "AB":
Once I have all the matching documents, I want to plot a bar chart with
x-axis: Session StartTime (day granularity)
y-axis: Mean of (LastEvent.EndTime (in this example B) -
FirstEvent.StartTime (in this example A)) for the given day
Any pointers on how I can aggregate on other properties of the matched
document?
1. Match all the documents having a specific sequence of events, say "B C".
2. On the result, bucket-aggregate documents by day on Session.StartTime
(Date_Histogram).
3. On each bucket, find the average of the time elapsed in seconds between the
searched sequence. Here it was "B, C", so it will be
session.Events[indexOfC].EndTime - session.Events[indexOfB].StartTime
I tried a bucket filter aggregation for #1; it seems to be working.
I tried date_histogram for #2; it is not working. *I am not sure how to consume
the result of #1 in #2.* I have not got as far as trying #3 because #2 is not working, but I think I
need an avg aggregation with a script value.
Can you help with the syntax or a pointer on the highlighted part? I am also interested
in how I feed it to a Kibana chart.
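The three steps described above, worked through offline as an added example that is not part of the original post and is not Elasticsearch code: it computes the per-day mean that a correct query should return, so an aggregation result can be checked against it. The field names (`Name`, `StartTime`, `EndTime`, `Events`), the `session` helper and the sample sessions are assumptions constructed for illustration, since the original JSON is not shown.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def session(start, events):
    """Build a constructed session; events are (name, start_offset_s, end_offset_s)."""
    t0 = datetime.fromisoformat(start)
    return {"StartTime": t0,
            "Events": [{"Name": n,
                        "StartTime": t0 + timedelta(seconds=s),
                        "EndTime": t0 + timedelta(seconds=e)} for n, s, e in events]}

# Constructed sample data (not from the post).
SESSIONS = [
    session("2015-03-01T10:00:00", [("A", 0, 10), ("B", 10, 30), ("C", 30, 70)]),
    session("2015-03-01T18:00:00", [("B", 0, 5), ("C", 5, 25)]),
    session("2015-03-02T09:00:00", [("A", 0, 10), ("C", 10, 20)]),  # has no "B C"
    session("2015-03-02T11:00:00", [("C", 0, 5), ("B", 5, 15), ("C", 15, 105)]),
]

def find_sequence(sess, wanted):
    """Step 1: index of the first contiguous run of event names equal to wanted, or None."""
    if not wanted:
        raise ValueError("wanted must name at least one event")
    names = [e["Name"] for e in sess["Events"]]
    for i in range(len(names) - len(wanted) + 1):
        if names[i:i + len(wanted)] == wanted:
            return i
    return None

def mean_elapsed_by_day(sessions, wanted):
    """Steps 2 and 3: bucket matching sessions by start day, then average the elapsed seconds."""
    buckets = defaultdict(list)
    for s in sessions:
        i = find_sequence(s, wanted)
        if i is None:
            continue  # session does not contain the sequence
        first = s["Events"][i]
        last = s["Events"][i + len(wanted) - 1]
        elapsed = (last["EndTime"] - first["StartTime"]).total_seconds()
        buckets[s["StartTime"].date().isoformat()].append(elapsed)
    return {day: sum(v) / len(v) for day, v in sorted(buckets.items())}

if __name__ == "__main__":
    print(mean_elapsed_by_day(SESSIONS, ["B", "C"]))
```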