I want to except results on a specific date from elastic aggregation

e997cd7e8d9915436150 · January 31, 2021, 7:58am

This is my query that returns results on 19th Oct.

GET apachelog/_search
{
  "size": 0, 
  "aggs": {
    "NAME": {
      "terms": {
        "field": "ext.keyword",
        "size": 10
      }
    }
  },
  "query": {
    "range": {
      "@timestamp": {
        "time_zone": "Asia/Seoul",
        "gte": "2015-10-19",
        "lt": "2015-10-20"
      }
    }
  }  
}

Below are the results.

  "aggregations" : {
    "NAME" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "php",
          "doc_count" : 36797
        },
        {
          "key" : "png",
          "doc_count" : 18202
        }
      ]
    }
  }

This is second query that returns results on 18th Oct.

GET apachelog/_search
{
  "size": 0, 
  "aggs": {
    "NAME": {
      "terms": {
        "field": "ext.keyword",
        "size": 10
      }
    }
  },
  "query": {
    "range": {
      "@timestamp": {
        "time_zone": "Asia/Seoul",
        "gte": "2015-10-18",
        "lt": "2015-10-19"
      }
    }
  }  
}

Below are the second results.

  "aggregations" : {
    "NAME" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "php",
          "doc_count" : 10885
        }
      ]
    }
  }

And i want to except results on 18th Oct from results on 19th Oct. Below is the result i want.

  "aggregations" : {
    "NAME" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "png",
          "doc_count" : 18202
        }
      ]
    }
  }

Can i create query behaves like sql query below in elasticsearch?

select distinct(ext)
from apachelog
where @timestamp = '2015-10-19'

minus

select distinct(ext)
from apachelog
where @timestamp = '2015-10-18'

I'm trying to write a MINUS query use the bool query with must and must_not. This is my third query.

GET apachelog/_search
{
  "size": 0, 
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "time_zone": "Asia/Seoul",
              "gte": "2015-10-19",
              "lt": "2015-10-20"
            }
          }
        }
      ],
      "must_not": [
        {
          "range": {
            "@timestamp": {
              "time_zone": "Asia/Seoul",
              "gte": "2015-10-18",
              "lt": "2015-10-19"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "NAME": {
      "terms": {
        "field": "ext.keyword",
        "size": 10
      }
    }
  }
}

But can't returns the result i want.

  "aggregations" : {
    "NAME" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "php",
          "doc_count" : 36797
        },
        {
          "key" : "png",
          "doc_count" : 18202
        }
      ]
    }
  }

Anyone could show me the way? Thanks in advance:)

system · February 28, 2021, 7:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ordering the result of aggregation Elasticsearch	2	418	April 30, 2018
Excluding result from the search Elasticsearch	3	342	August 1, 2019
Can we match both date range aggregation count and date range query count Elasticsearch	1	490	February 11, 2019
Date aggregation query based out of a range Elasticsearch	1	298	December 16, 2020
How filter an aggregation result Elasticsearch	2	380	July 5, 2017

I want to except results on a specific date from elastic aggregation

Related topics