I am trying to merge buckets from a parent aggregation. I am not sure if thats possible. Please help.
I have an aggregation query as below
GET log-2019.07.20/_search
{
"size": 0,
"aggs": {
"buckets": {
"date_histogram": {
"field": "@timestamp",
"interval": "5m",
"format": "mm"
}
}
}
}
and the output is like
.
.
.
"aggregations" : {
"buckets" : {
"buckets" : [
{
"key_as_string" : "00",
"key" : 1563840000000,
"doc_count" : 3535
},
{
"key_as_string" : "05",
"key" : 1563840300000,
"doc_count" : 3556
},
.
.
.
What I am trying to do is run a term aggregation on the key_as_string field but its always showing empty bucket.
Is there any way to combine buckets ??
Thank you