Moving Average Custom Range and Interval

William_Baker · June 29, 2017, 6:49pm

My goal is to create moving averages, over a certain range, using a certain interval. The query that I am using right now is the following;

{
    "size": 0,
    "query": {
    	"range" : {
        	"@timestamp" : {
            	"gte": "2017-06-01T02:00:00.000Z", 
            	"lte": "2017-07-01T00:00:00.000Z"
        	}
    	}
	},
    "aggs": {
        "my_date_histo":{                
            "date_histogram":{
                "field":"@timestamp",
                "interval":"1d"
            },
            "aggs":{
                "the_sum":{
                    "sum":{ "field": "resp_pkts" } 
                },
                "the_movavg":{
                    "moving_avg":{ "buckets_path": "the_sum" } 
                }
            }
        }
    }
}

Which successfully generates moving averages from 06/01/17 to 07/01/17.

The problem is that a day is considered from midnight to midnight, but I want the 24 hour period to be considered (now - 24 hours). This is a problem because, for example, right now the last day of the moving averages only contains 14 hours, because it is looking from midnight - now. As I said, I need it to be (now-24 hours).

That way each moving average will have the same number of hours (24). Is this possible without building my own aggregation?

William_Baker · June 29, 2017, 7:46pm

It looks like I can answer my own question.

The offset parameter of the date_histogram seems to be the solution. So, I will calculate the number of minutes from midnight until now and use that as the offset.

system · July 27, 2017, 7:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.