I am trying to create some statistical output based on event data. I have a script that will search and count events over a period of time and create a date histogram, with the bucket size being configurable. The output looks like this:
"aggregations": {
  "per_second_histo": {
    "buckets": [
      {
        "key_as_string": "2017-02-14T00:00:00.000Z",
        "key": 1487030400000,
        "doc_count": 0
      },
      {
        "key_as_string": "2017-02-14T00:00:01.000Z",
        "key": 1487030401000,
        "doc_count": 0
      },
      {
        "key_as_string": "2017-02-14T00:00:02.000Z",
        "key": 1487030402000,
        "doc_count": 0
      },
      {
        "key_as_string": "2017-02-14T00:00:03.000Z",
        "key": 1487030403000,
        "doc_count": 0
      },
      {
        "key_as_string": "2017-02-14T00:00:04.000Z",
        "key": 1487030404000,
        "doc_count": 0
      },
What I want to do now is create a second date histogram, with buckets of 5-minute periods containing stats for that period using a stats bucket, but I'm struggling with how to point the stats bucket at a selection of the previous date histogram. I've seen on GitHub that something called a bucket reducer was proposed, and the ticket was closed with the introduction of pipeline aggregations, but I can't figure out how to do it. Can anyone offer some advice on this, please?
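One way to express what the question asks for, as an added example that is not part of the original post: nest `per_second_histo` inside a 5-minute date histogram and add a sibling `stats_bucket` whose `buckets_path` points at the inner histogram's `_count`. The field name `@timestamp` and the aggregation names `five_minute_histo` and `per_second_stats` are assumptions; `interval` is the key used by releases of that period (newer releases use `fixed_interval`). The second function computes the same five figures client-side over constructed sample buckets.

```python
from collections import defaultdict

WINDOW_MS = 5 * 60 * 1000  # 5-minute window in epoch milliseconds


def build_query(ts_field="@timestamp"):
    """Request body: 5-minute buckets, each holding the per-second histogram
    and a stats_bucket computed over that histogram's document counts."""
    return {
        "size": 0,
        "aggs": {
            "five_minute_histo": {  # hypothetical name
                "date_histogram": {"field": ts_field, "interval": "5m"},
                "aggs": {
                    "per_second_histo": {
                        "date_histogram": {"field": ts_field, "interval": "1s"}
                    },
                    "per_second_stats": {  # hypothetical name
                        # sibling pipeline agg: '>' separates agg names,
                        # '_count' selects each inner bucket's doc_count
                        "stats_bucket": {"buckets_path": "per_second_histo>_count"}
                    },
                },
            }
        },
    }


def stats_per_window(buckets, window_ms=WINDOW_MS):
    """Group per-second buckets by window start and summarise doc_count.
    Every bucket passed in is counted, including zero-count ones."""
    windows = defaultdict(list)
    for bucket in buckets:
        start = bucket["key"] - bucket["key"] % window_ms
        windows[start].append(bucket["doc_count"])
    return {
        start: {
            "count": len(counts),
            "min": min(counts),
            "max": max(counts),
            "avg": sum(counts) / len(counts),
            "sum": sum(counts),
        }
        for start, counts in sorted(windows.items())
    }


# Constructed sample: 600 one-second buckets starting at the key from the post.
BASE = 1487030400000
SAMPLE = [{"key": BASE + i * 1000, "doc_count": i // 300 + i % 3} for i in range(600)]
```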