Not sure if this is possible, any help is greatly appreciated...
I have time-based events with two date fields: start time and end time.
I'd like to count amount of active events at any given time, i.e. how many events were active every second. It means the same document should be counted several times if it lasted several seconds.
That's a tough one due to the nature of the event spanning multiple time buckets.
I can't immediately think of anything that could do this, but maybe someone else can.
Make a script-thingy that returns an array of datetimes (say, 1 element for each day) and then do a group-by/aggregate-bucket on the whole array ?
This way each document will have multiple-values, and it will be counted on several days.
Here is a link to a thread that discussed how to do something similar in Kibana using a scripted metrics aggregation. The aggregation example, which is based in start date and duration rather than start and end date, can be found here.
Thanks, worked like a charm 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.