Kibana uses a facet to capture the result set. I want to use an
aggregation to fetch the same result.
The original query from Kibana looks like this:
{
  "facets" : {
    "0" : {
      "date_histogram" : {
        "field" : "@timestamp",
        "interval" : "1d"
      },
      "global" : true,
      "facet_filter" : {
        "fquery" : {
          "query" : {
            "filtered" : {
              "query" : {
                "query_string" : {
                  "query" : "result:SUCCESS"
                }
              },
              "filter" : {
                "bool" : {
                  "must" : [{
                    "range" : {
                      "@timestamp" : {
                        "from" : 1393137170765,
                        "to" : 1396195200000
                      }
                    }
                  }]
                }
              }
            }
          }
        }
      }
    }
  },
  "size" : 0
}
The aggregation without filter criteria is here:
{
  "aggregations": {
    "0": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "1d"
      }
    }
  },
  "size": 0
}
But how should the filter criteria be applied here? In the mailing list
archive I found a reference to
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-aggregations-bucket-filter-aggregation.html.
I created the following query, which seems to return results. Is this the
correct way to filter aggregated data?
{
  "aggs": {
    "timerange": {
      "filter": {
        "range": {
          "@timestamp": {
            "gt": 0
          }
        }
      },
      "aggregations": {
        "0": {
          "date_histogram": {
            "field": "@timestamp",
            "interval": "1d"
          }
        }
      }
    }
  },
  "size": 0
}
Is this the best/most performant way to capture data from a large index?
Or are there alternatives?
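As an added example (not from the post or from Elasticsearch itself), the script below mechanically rewrites the facet above into the aggregation form, keeping both filter criteria (the query_string and the @timestamp range, not just a `gt: 0` range) and honouring the facet's `"global": true`; it assumes the ES 1.x DSL the facet uses (the `query` filter and the `global` bucket aggregation), and the bucket names `all` and `timerange` are arbitrary choices.

```python
import json

# Constructed input: the date_histogram facet from the question above.
KIBANA_FACET = {
    "date_histogram": {"field": "@timestamp", "interval": "1d"},
    "global": True,
    "facet_filter": {"fquery": {"query": {"filtered": {
        "query": {"query_string": {"query": "result:SUCCESS"}},
        "filter": {"bool": {"must": [{"range": {"@timestamp": {
            "from": 1393137170765, "to": 1396195200000}}}]}},
    }}}},
}


def facet_to_aggregation(facet, name="0"):
    """Rewrite one Kibana date_histogram facet as an ES 1.x aggregation.

    - facet_filter.fquery.query becomes a `filter` bucket whose filter is
      the `query` filter wrapping that same filtered query, so both the
      query_string and the @timestamp range survive the translation.
    - `global: true` becomes an outer `global` bucket, so the histogram is
      computed over the whole index instead of the request's main query,
      which is what the facet did.
    Bucket names "all" and "timerange" are arbitrary (hypothetical).
    """
    leaf = {"date_histogram": dict(facet["date_histogram"])}
    agg = leaf                      # innermost bucket keeps the facet name
    fquery = facet.get("facet_filter", {}).get("fquery")
    if fquery is not None:
        agg = {"filter": {"query": fquery["query"]}, "aggs": {name: agg}}
        name = "timerange"          # the filter bucket gets its own name
    if facet.get("global"):
        agg = {"global": {}, "aggs": {name: agg}}
        name = "all"                # and the global bucket wraps it all
    return {"aggs": {name: agg}, "size": 0}


if __name__ == "__main__":
    print(json.dumps(facet_to_aggregation(KIBANA_FACET), indent=2))
```

Without `facet_filter` and `global` the function yields exactly the plain aggregation shown in the post, so the two extra wrappers are the only difference the filter criteria introduce.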