Max Bucket Aggregation: Only return that result?

Speedman · November 30, 2018, 7:04pm

Here's the query I'm running:

{
    "size": 0,
    "query": {
        "range": {
            "timestamp": {
                "gte": "2018-11-28",
                "lte": "2018-11-28"
            }
        }
    },
    "aggs": {
        "hits_per_minute": {
            "date_histogram": {
                "field": "timestamp",
                "interval": "minute"
            },
            "aggs": {
                "total_hits": {
                    "sum": {
                        "field": "hits_count"
                    }
                }
            }
        },
        "max_transactions_per_minute": {
            "max_bucket": {
                "buckets_path": "hits_per_minute>total_hits"
            }
        }
    }
}

(If anybody needs to know, the docs in question contain fields that show the total hits for our API endpoints over the course of a minute, with one doc per minute from each instance.)

The max bucket works just fine and gives me the results I want. Is there a way to skip the rest of the results, though? I don't need to actually see the total hits for each minute, just the maximum.

Speedman · December 5, 2018, 9:29pm

Found the answer: response filtering using the filter_path option in the URL:

http://hostname/index/_search?filter_path=aggregations.max_transactions_per_minute

system · January 2, 2019, 9:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.