I have the following query:
query = {
    "aggs" : {
        "by_minute" : {
            "date_histogram" : {
                "field" : "@timestamp",
                "interval" : "minute"
            },
            "aggs": {
                "max": { "max": { "field": "duration" } },
                "min": { "min": { "field": "duration" } },
                "avg": { "avg": { "field": "duration" } },
            }
        }
    },
    "query" : {
        "bool" : {
            "filter": [
                { "query_string" : { "query" : "audit_type:REQ AND req_backend_name:service" } },
                { "range" : { "@timestamp" : { "gte" : "now-24h", "lt" : "now" } } },
            ]
        }
    }
}
What it does now is that it fetches data from the last 24 hours and then groups them by minute. What I need, however, is this type of data for every 24 hours for the last year separately.