Outputting new values in the last X months compared to entire timeline

yananas · July 25, 2019, 12:33pm

Greetings,

Using Elasticsearch 2.4, directly by DSL query.

I am looking for a way to output values that only appeared in the last X months compared to the entire timeline.

Example: given a dataset with these data

NAME	DATE
A	01-01-2017
A	01-01-2018
A	01-01-2019
B	01-01-2018
B	01-01-2019
C	01-01-2019

I would like to retrieve the data that appeared in the last 12 months but never appeared before 12 months ago. In other words, the data that appeared for the first time ever in the last 12 months.

Expected result would be:

NAME	DATE
C	01-01-2019

I'm not sure how to approach this with an ES query, does anyone have an idea?

Thanks in advance

Mark_Harwood · July 26, 2019, 9:24am

The significant_terms aggregation should be able to help with that.
Just do a range query for the last 12 months and use the significant_terms aggregation on the name field.
Note this sort of "what's new?" analysis won't typically work if you are using time based indices (e.g. one new index per month/year). It's very hard to do any kind of extensive "diff" when the content being compared is on different machines.

system · August 23, 2019, 9:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.