I'm very new to Elasticsearch. I have an index that is indexing data received by ES every 10 seconds, every day.
Now I want to query that data and filter it on some fields (got that sorted) and return data in groups, let's say groups of every 4 hours for the past 24 hrs. I don't want to sum or avg anything in particular.
I want to return the closest single doc to each interval to basically build up some data points for use in a graph.
I'm looking at aggs but that only returns buckets with document counts.
I'm not even sure what term or concept I should be looking for in the docs.
I think the top_hits aggregation may be what you're looking for. This is an aggregation that you can nest in a bucket aggregation (in your case a date_histogram aggregation with a 4 hour interval). The top_hits aggregation then shows you one or more documents in each of those buckets, based on whatever sorting criteria you apply.
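As an added example (not code from the original thread), here is what the suggested date_histogram plus nested top_hits request looks like, together with a small helper that turns the aggregation response into one data point per 4-hour bucket. The timestamp field name `@timestamp`, the index pattern and the sample response are assumptions constructed for the example; the request body itself uses only standard query DSL (`fixed_interval` requires Elasticsearch 7.2 or later, older releases spell it `interval`).

```python
"""Added example: one document per 4-hour bucket over the last 24 hours.

Assumptions (not from the original post): the timestamp field is named
"@timestamp" and the filter fields are exact-match keyword fields.
"""
import json
from typing import Any, Dict, List, Optional, Tuple

TIMESTAMP_FIELD = "@timestamp"  # assumed field name


def build_query(field_filters: Dict[str, Any],
                interval: str = "4h",
                lookback: str = "24h") -> Dict[str, Any]:
    """Build the request body for the search endpoint.

    - "size": 0 suppresses normal hits; only the aggregations come back.
    - bool.filter applies the field filters and the time window without scoring.
    - date_histogram slices the window into fixed buckets; min_doc_count 0 keeps
      empty buckets so the graph has a point (or a gap) for every interval.
    - top_hits, nested inside each bucket, returns the single earliest document
      of that bucket (ascending sort on the timestamp), i.e. the one closest to
      the bucket's start boundary.
    """
    filters: List[Dict[str, Any]] = [{"term": {k: v}} for k, v in field_filters.items()]
    filters.append({"range": {TIMESTAMP_FIELD: {"gte": f"now-{lookback}", "lte": "now"}}})
    return {
        "size": 0,
        "query": {"bool": {"filter": filters}},
        "aggs": {
            "per_interval": {
                "date_histogram": {
                    "field": TIMESTAMP_FIELD,
                    "fixed_interval": interval,
                    "min_doc_count": 0,
                },
                "aggs": {
                    "closest_doc": {
                        "top_hits": {
                            "size": 1,
                            "sort": [{TIMESTAMP_FIELD: {"order": "asc"}}],
                        }
                    }
                },
            }
        },
    }


def bucket_points(response: Dict[str, Any]) -> List[Tuple[str, Optional[Dict[str, Any]]]]:
    """Return (bucket_start, document_source) per bucket.

    An empty bucket (possible with min_doc_count 0) has no top hit, so its
    document is None; the caller decides whether to plot a gap or skip it.
    """
    points: List[Tuple[str, Optional[Dict[str, Any]]]] = []
    for bucket in response["aggregations"]["per_interval"]["buckets"]:
        hits = bucket["closest_doc"]["hits"]["hits"]
        doc = hits[0]["_source"] if hits else None
        points.append((bucket["key_as_string"], doc))
    return points


# Constructed sample response mirroring the shape Elasticsearch returns for the
# request above (three buckets, the middle one empty); not real data.
SAMPLE_RESPONSE: Dict[str, Any] = {
    "aggregations": {
        "per_interval": {
            "buckets": [
                {"key_as_string": "2024-01-01T00:00:00.000Z", "key": 1704067200000, "doc_count": 1440,
                 "closest_doc": {"hits": {"total": {"value": 1440, "relation": "eq"},
                                          "hits": [{"_index": "metrics-000001", "_id": "a1",
                                                    "_source": {"@timestamp": "2024-01-01T00:00:03Z",
                                                                "host": "web-1", "cpu": 0.42}}]}}},
                {"key_as_string": "2024-01-01T04:00:00.000Z", "key": 1704081600000, "doc_count": 0,
                 "closest_doc": {"hits": {"total": {"value": 0, "relation": "eq"}, "hits": []}}},
                {"key_as_string": "2024-01-01T08:00:00.000Z", "key": 1704096000000, "doc_count": 1440,
                 "closest_doc": {"hits": {"total": {"value": 1440, "relation": "eq"},
                                          "hits": [{"_index": "metrics-000001", "_id": "b7",
                                                    "_source": {"@timestamp": "2024-01-01T08:00:01Z",
                                                                "host": "web-1", "cpu": 0.57}}]}}},
            ]
        }
    }
}

if __name__ == "__main__":
    print(json.dumps(build_query({"host": "web-1"}), indent=2))
    for start, doc in bucket_points(SAMPLE_RESPONSE):
        print(start, doc["cpu"] if doc else "no data")
```

Send the body of `build_query(...)` to `POST <index>/_search`; with `size: 0` the response carries only the aggregation, so each 4-hour bucket costs one small document rather than the full interval's worth of hits. Swapping the sort to `desc` gives the latest document of each bucket instead of the earliest.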