How to find the difference between aggregate min from aggregate max(max - min) in ES?

Elastic Stack Elasticsearch
1

How to write an ES query to find the difference between max and min value
of a field?

I am a newbee in elastic search, In my case I feed lot of events along with
session_id and time in to elastic search. My event structure is

Event_name string
Client_id string
App_id string
Session_id string
User_id string
Ip_address string
Latitude int64
Longitude int64
Event_time time.Time

I want to find the life time of a session_id based the feeded events. For that I can retrive the maximum Event_time and minimum Event_time for a particular session_id by the following ES query.

{
"size": 0,
"query": {
"match": {
"Session_id": "dummySessionId"
}
},
"aggs": {
"max_time": {
"max": {
"field": "Time"
}
},
"min_time":{
"min": {
"field": "Time"
}
}
}
}

But what I exact want is (max_time - min_time) How to write the ES query for the same????

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/1e937884-4052-4a5a-91db-bc1449c43efe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

Hi,

There is no way to do it on the Elasticsearch side for the moment. It can
only be done on client side.

On Wed, May 7, 2014 at 1:37 PM, Alex Mathew
alexmathewsenapathy@gmail.comwrote:

How to write an ES query to find the difference between max and min value
of a field?

I am a newbee in Elasticsearch, In my case I feed lot of events along
with session_id and time in to Elasticsearch. My event structure is

Event_name string
Client_id string
App_id string
Session_id string
User_id string
Ip_address string
Latitude int64
Longitude int64
Event_time time.Time

I want to find the life time of a session_id based the feeded events. For that I can retrive the maximum Event_time and minimum Event_time for a particular session_id by the following ES query.

{
"size": 0,
"query": {
"match": {
"Session_id": "dummySessionId"
}
},
"aggs": {
"max_time": {
"max": {
"field": "Time"
}
},
"min_time":{
"min": {
"field": "Time"
}
}
}
}

But what I exact want is (max_time - min_time) How to write the ES query for the same????

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/1e937884-4052-4a5a-91db-bc1449c43efe%40googlegroups.comhttps://groups.google.com/d/msgid/elasticsearch/1e937884-4052-4a5a-91db-bc1449c43efe%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Adrien Grand

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j5%2BqaQzU6UAyD5-B%3Dv8R4yZQ%2B2wAUvH-%3D_mSrWRHk_erA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

3

Thank you Adrien Grand for reply.
Is it possible to use aggregate functions inside script??

On Wednesday, May 7, 2014 5:31:20 PM UTC+5:30, Adrien Grand wrote:

Hi,

There is no way to do it on the Elasticsearch side for the moment. It can
only be done on client side.

On Wed, May 7, 2014 at 1:37 PM, Alex Mathew <alexmathe...@gmail.com<javascript:>

wrote:

How to write an ES query to find the difference between max and min value
of a field?

I am a newbee in Elasticsearch, In my case I feed lot of events along
with session_id and time in to Elasticsearch. My event structure is

Event_name string
Client_id string
App_id string
Session_id string
User_id string
Ip_address string
Latitude int64
Longitude int64
Event_time time.Time

I want to find the life time of a session_id based the feeded events. For that I can retrive the maximum Event_time and minimum Event_time for a particular session_id by the following ES query.

{
"size": 0,
"query": {
"match": {
"Session_id": "dummySessionId"
}
},
"aggs": {
"max_time": {
"max": {
"field": "Time"
}
},
"min_time":{
"min": {
"field": "Time"
}
}
}
}

But what I exact want is (max_time - min_time) How to write the ES query for the same????

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/1e937884-4052-4a5a-91db-bc1449c43efe%40googlegroups.comhttps://groups.google.com/d/msgid/elasticsearch/1e937884-4052-4a5a-91db-bc1449c43efe%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
Adrien Grand

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/ab72a9e2-60d4-4865-9c71-351b79322f29%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

4

Thank you Adrien Grand for reply.
Is it possible to use aggregate functions inside script??

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/c7a1d6a8-1bb7-472c-9be1-7da4d9327e3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

5

It is not possible either. We are discussing adding more scripting support
in order to have the ability to eg. sort based on the delta of two
aggregations but it is not clear how feasible it would be or how it could
be exposed.

On Wed, May 7, 2014 at 2:14 PM, Alex Mathew
alexmathewsenapathy@gmail.comwrote:

Thank you Adrien Grand for reply.
Is it possible to use aggregate functions inside script??

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/c7a1d6a8-1bb7-472c-9be1-7da4d9327e3e%40googlegroups.comhttps://groups.google.com/d/msgid/elasticsearch/c7a1d6a8-1bb7-472c-9be1-7da4d9327e3e%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
Adrien Grand

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j4tJJFFVWzJ02RhNkURz4b8K_ivbr-SRoiAChuuThgaJw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

6

Has there been any progress on this? Combined with count, It would be a
really nice feature for validating the continuity of a dataset based on a
strictly incrementing field.

Regards,

Nils-Helge Garli Hegvik

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/89cb843d-fafe-4a1c-aa82-dea2b8fe48a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

7

Nothing released yet, but some ongoing experiments on

On Fri, Mar 6, 2015 at 8:56 AM, nilsga@gmail.com wrote:

Has there been any progress on this? Combined with count, It would be a
really nice feature for validating the continuity of a dataset based on a
strictly incrementing field.

Regards,

Nils-Helge Garli Hegvik

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/89cb843d-fafe-4a1c-aa82-dea2b8fe48a9%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/89cb843d-fafe-4a1c-aa82-dea2b8fe48a9%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
Adrien Grand

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAL6Z4j468GKz%3DHYv7PHx%2BZ%2BhVPGQLVnz5Cmesr-zG%2B5jKFQu%3DQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.