Is it possible to add a field to all document in an index which the field is an aggregation result?

mmk1995 · August 28, 2019, 12:09pm

Hello all,

I have data set as below:

on_time,off_time,user,PC
2018-09-01 00:34:27.540,2018-09-01 03:40:34.870,wwwww,NA016F
2018-09-01 02:55:55.710,2018-09-01 02:58:55.860,dddddd,NB106F
2018-09-01 03:44:24.460,2018-09-01 04:18:32.300,eeeeeee,NA031F
2018-09-01 04:45:26.150,2018-09-01 05:55:53.580,gggggggg,NA046F
2018-09-01 06:18:43.460,2018-09-01 10:02:28.490,bbbbbbb,CC004D
2018-09-01 08:06:22.880,2018-09-01 13:54:01.040,fffffffffff,NB083F
2018-09-01 08:07:24.530,2018-09-01 08:12:20.880,gggggggg,NA091F
2018-09-01 08:14:11.630,2018-09-01 08:17:43.300,mmmmm,NA110F

I want to add a field called "time_frame" which is the date range between "on_time" and "off_time" to all documents in a index, what is the Elasticsearch command to perform this?

thank you very much.

spinscale · August 28, 2019, 2:26pm

Hey,

so if the documents have already been indexed, you could use the update by query API and execute a script that calculates the duration between the two timestamps.

--Alex

mmk1995 · August 29, 2019, 3:32am

hello Alex,
I hope there will be a good code example like my case,
I have read your link but I really not understanding well from the examples
and nonetheless the examples are too simple and I cannot really take them as reference
also painless script example are also too little
if possible, I hope you could show some coding for my case
Thanks

spinscale · August 29, 2019, 7:29am

See Unable to calculate duration by 2 dates fields for some inspiration

system · September 26, 2019, 7:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.