Hi,
I'm trying to use the elasticsearch input plugin in Logstash (Logstash 2.1.1) to aggregate data based on time. A sample Logstash config is given below:
    input {
      elasticsearch {
        hosts => "localhost"
        index => "abc"
        scan => false
        size => 0
        query => '{
          "aggs": {
            "range": {
              "date_range": {
                "field": "date",
                "format": "MM-yyy",
                "ranges": [
                  { "to": "now-10M/M" },
                  { "from": "now-10M/M" }
                ]
              }
            }
          }
        }'
      }
    }
    output {
      stdout { codec => rubydebug }
    }
When I run Logstash with this configuration file, I am expecting output like the one below:
    {
      ...
      "aggregations": {
        "range": {
          "buckets": [
            {
              "to": 1.3437792E+12,
              "to_as_string": "08-2012",
              "doc_count": 7
            },
            {
              "from": 1.3437792E+12,
              "from_as_string": "08-2012",
              "doc_count": 2
            }
          ]
        }
      }
    }
However, this is not the case, as I do not get to see any aggregated data on the screen (default sysout).
Note: it works in the case of a curl request or in the Sense plugin.
Also, when I run with the same config without size => 0, it returns only the documents that fall under the mentioned time buckets and not the aggregations as shown in the output above.
Am I missing something here, or is this a bug?
Thanks!