Newbie query to return a single doc from every 4 hours of data

Mark_Lloyd · September 4, 2018, 10:28pm

Hi All

I'm very new to elastic search. I have an index that is indexing data received by ES every 10 seconds of everyday.

Now I want to query that data and filter it on some fields (got that sorted) and return data in groups, lets say groups of every 4 hours for past 24 hrs. I dont want to sum or avg anything in particular.

I want to return the closest single doc to each interval to basically build up some data points for use in a graph.

I'm looking at aggs but that only returns buckets with document counts.

I'm not even sure what term or concept I should be looking for in the docs.

Can anyone help out there?

Cheers

abdon · September 7, 2018, 9:50am

I think the top_hits aggregation may be what you're looking for. This is an aggregation that you can nest in a bucket aggregation (in your case a date_histogram aggregation with a 4 hour interval). The top_hits aggregation then shows you one or more documents in each of those buckets, based on whatever sorting criteria you apply.

Mark_Lloyd · September 8, 2018, 11:28pm

Many thanks for the tip

I’ll be trying it out this coming week

Appreciated

Topic		Replies	Views
Elasticsearch Aggregation - Return a list of array from documents found Elasticsearch	4	1619	January 6, 2021
Help with aggregations Elasticsearch	4	1890	December 25, 2017
Date Histogram - group by hour interval across multiple days Elasticsearch	4	6690	April 21, 2017
Return a single document per user per hour Elasticsearch	5	430	July 6, 2018
Average doc_count per hour? Elasticsearch	3	1577	July 6, 2017

Newbie query to return a single doc from every 4 hours of data

Related topics