I have sample documents like below.
{
"timestamp": "2019-06-19T13:39:31Z"
}
I need to get documents to count by hourly like (00:00 - 03:00, 03:00-06:00 ..)
Thanks, Advance
The preferred way would be to index the hour of the day in addition to the timestamp. Then it's pretty easy to do the aggregation.
Thanks, @dadoonet for your reply.
But I can't create the separate index.
I was trying to use the following query. but not getting expected result.
GET /fluent/_search
{
"size": 0,
"aggs": {
"time_of_day":{
"date_range": {
"field": "timestamp",
"format": "strict_hour_minute",
"ranges": [
{
"from": "01:00",
"to": "10:00"
}
]
}
}
}
}
Output:
{
"took": 5981,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 1744686,
"max_score": 0,
"hits":
},
"aggregations": {
"time_of_day": {
"buckets": [
{
"key": "01:00-10:00",
"from": 3600000,
"from_as_string": "01:00",
"to": 36000000,
"to_as_string": "10:00",
"doc_count": 0
}
]
}
}
}
If you don't want to create a new field, then you can try to use https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html#search-aggregations-bucket-terms-aggregation-script. Note that depending on the volume you have, that will be probably slow.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.