How to get the Top Hit result from the aggregated 95th percentile

_kyllr · December 17, 2018, 10:26am

Hello,

I have this visualization below to get the 95th percentile per hour:

{
  "size": 0,
  "_source": {
"excludes": []
  },
  "aggs": {
"2": {
  "date_histogram": {
    "field": "AuthorizationUTCTimestamp",
    "interval": "1h",
    "time_zone": "Asia/Shanghai",
    "min_doc_count": 1
  },
  "aggs": {
    "1": {
      "percentiles": {
        "field": "TokenRequest",
        "percents": [
          95
        ],
        "keyed": false
      }
    }
  }
}
  },
  "stored_fields": [
"*"
  ],
  "script_fields": {},
  "docvalue_fields": [
"AuthorizationUTCTimestamp",
"IssuedUTCTimestamp",
"signinDateTime"
  ],
  "query": {
"bool": {
  "must": [
    {
      "match_all": {}
    },
    {
      "range": {
        "AuthorizationUTCTimestamp": {
          "gte": 1544284800000,
          "lte": 1544371199999,
          "format": "epoch_millis"
        }
      }
    }
  ],
  "filter": [],
  "should": [],
  "must_not": []
}
  }
}

Now, what I would like to achieve is to get the max result of 95th percentile per day based in the result from above request.

Is there anyway I can get the top hit from the aggregations result?

Thanks!

monfera · December 17, 2018, 10:54am

Hi @_kyllr it may be more of an Elasticsearch question - if these links don't offer a solution, please tag the question as ES.

Pipeline aggregations
Sub-aggregations

_kyllr · December 17, 2018, 11:08am

Hi @monfera, already tagged this as ES. Thanks!

_kyllr · December 18, 2018, 9:37am

Hello, could someone help on this?

system · January 15, 2019, 9:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.