I have a nested query in which I filter for the present day's data and then aggregate it using a date-histogram aggregation with an hourly interval, but the date-histogram output also returns the previous day's data. Is the filter not working? Kindly provide some suggestions.
Here is my query:
POST finalalertbrowser/_search?size=0
{
"query": {
"bool": {
"must": [{
"match_phrase": {
"projectId.keyword": "******************************88"
}
}],
"filter": {
"nested": {
"path": "errors",
"query": {
"bool": {
"filter":
{
"range": {
"errors.time": {
"gte": "now/d",
"lte": "now"
}
}
}
}
}
}
}
}
},
"aggs": {
"errorData": {
"nested": {
"path": "errors"
},
"aggs": {
"errorMsg": {
"filter": {
"term": {
"errors.errMsg.keyword": "Uncaught TypeError: $.snapUpdate is not a function"
}
},
"aggs": {
"hourlyData": {
"date_histogram": {
"field": "errors.time",
"interval": "hour",
"time_zone": "+05:30"
}
}
}
}
}
}
}
}
The output of the query is:
"aggregations": {
"errorData": {
"doc_count": 89644,
"errorMsg": {
"doc_count": 1861,
"hourlyData": {
"buckets": [
{
"key_as_string": "2018-03-13T11:00:00.000+05:30",
"key": 1520919000000,
"doc_count": 3
},
{
"key_as_string": "2018-03-13T12:00:00.000+05:30",
"key": 1520922600000,
"doc_count": 2
},
{
"key_as_string": "2018-03-13T13:00:00.000+05:30",
"key": 1520926200000,
"doc_count": 2
},
{
"key_as_string": "2018-03-13T14:00:00.000+05:30",
"key": 1520929800000,
"doc_count": 2
},
{
"key_as_string": "2018-03-13T15:00:00.000+05:30",
"key": 1520933400000,
"doc_count": 4
},
{
"key_as_string": "2018-03-13T16:00:00.000+05:30",
"key": 1520937000000,
"doc_count": 8
},
{
"key_as_string": "2018-03-13T17:00:00.000+05:30",
"key": 1520940600000,
"doc_count": 6
},
{
"key_as_string": "2018-03-13T18:00:00.000+05:30",
"key": 1520944200000,
"doc_count": 3
},
{
"key_as_string": "2018-03-13T19:00:00.000+05:30",
"key": 1520947800000,
"doc_count": 1
},
{
"key_as_string": "2018-03-13T20:00:00.000+05:30",
"key": 1520951400000,
"doc_count": 2
},
{
"key_as_string": "2018-03-13T21:00:00.000+05:30",
"key": 1520955000000,
"doc_count": 4
},
{
"key_as_string": "2018-03-13T22:00:00.000+05:30",
"key": 1520958600000,
"doc_count": 3
},
{
"key_as_string": "2018-03-13T23:00:00.000+05:30",
"key": 1520962200000,
"doc_count": 2
},
{
"key_as_string": "2018-03-14T00:00:00.000+05:30",
"key": 1520965800000,
"doc_count": 1
},
{
"key_as_string": "2018-03-14T01:00:00.000+05:30",
"key": 1520969400000,
"doc_count": 2
},
{
"key_as_string": "2018-03-14T02:00:00.000+05:30",
"key": 1520973000000,
"doc_count": 1
},
{
"key_as_string": "2018-03-14T03:00:00.000+05:30",
"key": 1520976600000,
"doc_count": 1
},
{
"key_as_string": "2018-03-14T04:00:00.000+05:30",
"key": 1520980200000,
"doc_count": 2
},
{
"key_as_string": "2018-03-14T05:00:00.000+05:30",
"key": 1520983800000,
"doc_count": 2
},
{
"key_as_string": "2018-03-14T11:00:00.000+05:30",
"key": 1521005400000,
"doc_count": 349
},
{
"key_as_string": "2018-03-14T12:00:00.000+05:30",
"key": 1521009000000,
"doc_count": 300
},
{
"key_as_string": "2018-03-14T13:00:00.000+05:30",
"key": 1521012600000,
"doc_count": 258
},
{
"key_as_string": "2018-03-14T14:00:00.000+05:30",
"key": 1521016200000,
"doc_count": 247
},
{
"key_as_string": "2018-03-14T15:00:00.000+05:30",
"key": 1521019800000,
"doc_count": 144
},
{
"key_as_string": "2018-03-14T16:00:00.000+05:30",
"key": 1521023400000,
"doc_count": 63
},
{
"key_as_string": "2018-03-14T17:00:00.000+05:30",
"key": 1521027000000,
"doc_count": 30
}
]
}
}
}
}
I executed the query on 14 March 2018, but the query returns output starting from 13 March 2018. Please provide some suggestions.