Is it possible to add a field to all document in an index which the field is an aggregation result?

Hello all,

I have data set as below:

on_time,off_time,user,PC
2018-09-01 00:34:27.540,2018-09-01 03:40:34.870,wwwww,NA016F
2018-09-01 02:55:55.710,2018-09-01 02:58:55.860,dddddd,NB106F
2018-09-01 03:44:24.460,2018-09-01 04:18:32.300,eeeeeee,NA031F
2018-09-01 04:45:26.150,2018-09-01 05:55:53.580,gggggggg,NA046F
2018-09-01 06:18:43.460,2018-09-01 10:02:28.490,bbbbbbb,CC004D
2018-09-01 08:06:22.880,2018-09-01 13:54:01.040,fffffffffff,NB083F
2018-09-01 08:07:24.530,2018-09-01 08:12:20.880,gggggggg,NA091F
2018-09-01 08:14:11.630,2018-09-01 08:17:43.300,mmmmm,NA110F

I want to add a field called "time_frame" which is the date range between "on_time" and "off_time" to all documents in a index, what is the Elasticsearch command to perform this?

thank you very much.

Hey,

so if the documents have already been indexed, you could use the update by query API and execute a script that calculates the duration between the two timestamps.

--Alex

hello Alex,
I hope there will be a good code example like my case,
I have read your link but I really not understanding well from the examples
and nonetheless the examples are too simple and I cannot really take them as reference
also painless script example are also too little
if possible, I hope you could show some coding for my case
Thanks

See Unable to calculate duration by 2 dates fields for some inspiration

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.