How to query by value in past bucket

Hi, I'm a newbie to the ELK Stack.
I have a question about the Elasticsearch REST API. I want to select data 2 times. First, I use a range (-20s to -140s) with a terms aggregation and a bucket sort to find the min value in this time.
ex: 08.30 AM: [{A:30, B:35, C:40}]

Second, I use a range (-20s to -30m), and I want to filter the terms aggregation to the data in the previous bucket [{A:30, B:35, C:40}]. Which aggs should I use for this?
Thank you.

GET shc-*/_search
{
  "aggs": {
    "find_min_last_1m": {
      "range": {
        "field": "@timestamp",
        "ranges": [{
          "from": "now-140s",
          "to": "now-20s"
        }]
      },
      "aggs": {
        "process_term": {
          "terms": { "field": "pid.keyword", "size": 65 },
          "aggs": {
            "sort_min_last_1m": {
              "bucket_sort": {
                "sort": [{ "_count": { "order": "asc" } }],
                "size": 3
              }
            }
          }
        }
      }
    },
    "min": {
      "range": {
        "field": "@timestamp",
        "ranges": [{
          "from": "now-30m",
          "to": "now-20s"
        }]
      },
      "aggs": {
        "time_buckets": {
          "date_histogram": {
            "field": "@timestamp",
            "interval": "10m"
          },
          "aggs": {
            "process_filter": {
              "filter": {
                "terms": {
                  "pid.keyword": [
                    "shc:13370766",
                    "shc:13238406",
                    "shc:24314018"
                  ]
                }
              },
              "aggs": {
                "process_term": {
                  "terms": {
                    "field": "pid.keyword"
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
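
Added example, not part of the original post: a single search request cannot pass the bucket keys of one aggregation into the filter of another, so one way to get this result is two requests, with the client copying the pid keys from the first response into a `terms` filter for the second. The sample response and the function names `lowest_pids` and `build_second_request` are constructed for illustration.

```python
import json

# Constructed sample: trimmed response of the first request (the
# "find_min_last_1m" aggregation above), not real cluster output.
FIRST_RESPONSE = {
    "aggregations": {"find_min_last_1m": {"buckets": [{
        "doc_count": 105,
        "process_term": {"buckets": [
            {"key": "A", "doc_count": 30},
            {"key": "B", "doc_count": 35},
            {"key": "C", "doc_count": 40},
        ]},
    }]}}
}


def lowest_pids(response, range_agg="find_min_last_1m", terms_agg="process_term"):
    """Collect the pid keys kept by bucket_sort in every range bucket."""
    pids = []
    for range_bucket in response["aggregations"][range_agg]["buckets"]:
        for term_bucket in range_bucket[terms_agg]["buckets"]:
            if term_bucket["key"] not in pids:
                pids.append(term_bucket["key"])
    return pids


def build_second_request(pids):
    """Body for the 30-minute request, restricted to the pids from step one."""
    if not pids:
        raise ValueError("first request returned no pid buckets")
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            # Same bounds as the range aggregation: from inclusive, to exclusive.
            {"range": {"@timestamp": {"gte": "now-30m", "lt": "now-20s"}}},
            {"terms": {"pid.keyword": pids}},
        ]}},
        "aggs": {"time_buckets": {
            # "interval" as in the post; Elasticsearch 7.2+ uses "fixed_interval".
            "date_histogram": {"field": "@timestamp", "interval": "10m"},
            "aggs": {"process_term": {
                "terms": {"field": "pid.keyword", "size": len(pids)}}},
        }},
    }


if __name__ == "__main__":
    print(json.dumps(build_second_request(lowest_pids(FIRST_RESPONSE)), indent=2))
```

The printed body is what would be sent as the second `GET shc-*/_search` request.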
