I am writing an ES|QL to find out the sum and of a field grouped by another field and also it’s percentage by other sums of that field. How do I write the query?
FROM test_index | WHERE start_time >= DATE_PARSE("yyyy-MM-dd'T'HH:mm:ssXXX", "2025-08-01T00:00:00Z") AND start_time <= DATE_PARSE("yyyy-MM-dd'T'HH:mm:ssXXX", "2025-08-20T00:00:00Z") | STATS views_total = SUM(1), view_time = SUM(view_time)BYdevice_type,user_category // here I also need to find the percent of view_time too | EVAL view_time_mins = ROUND(TO_DOUBLE(view_time) / 60.0, 2)
Here I also need to find the percent of view_time too but can’t get the total sum of view_time without any groups in the STATS command.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.