Pagination of the elastic buckets with size, from and order by a timestamp field

shivamkrpandey · February 4, 2020, 12:34pm

I want to paginate the buckets with "size" and "from" ordered by the "Timestamp" field. I have tried the bucket_sort but it did not work as it expects another sibling aggregation and cannot aggregate on the Timestamp field here. Elasticserch 6.7.2

My sample data is,

    [{
        "Name": "Event A",
        "Timestamp": "2020-02-02T09:45:20.954Z"
    },
    {
        "Name": "Event B",
        "Timestamp": "2020-02-04T09:45:20.954Z"
    },
    {
        "Name": "Event C",
        "Timestamp": "2020-02-03T09:45:20.954Z"
    },
    {
        "Name": "Event A",
        "Timestamp": "2020-02-01T09:45:20.954Z"
    },
    {
        "Name": "Event D",
        "Timestamp": "2020-01-15T09:45:20.954Z"
    }]

and current result is ordered by the doc_count but I want to order by date. My expected result is,

    "buckets": [
            {
            "key": "Event B",
            "doc_count": 1
            }
            ,
            {
            "key": "Event C",
            "doc_count": 1
            }
            ,
            {
            "key": "Event A",
            "doc_count": 2
            }
            ,
            {
            "key": "Event D",
            "doc_count": 1
            }
      ]

Thanks in advance.

Edit 1 -
I have tried the query to get the ordered buckets without "from",

{
    "size": 0,
    "aggs": {
        "eventNames": {
            "terms": {
                "field": "Name",
                "size": 5,
                "order": {
                    "firstOccurredAggs": "desc"
                }
            },
            "aggs": {
                "firstOccurredAggs": {
                    "min": {
                        "field": "Timestamp"
                    }
                }
            }
        }
    }
}

But I was not able to paginate the results.

spinscale · February 5, 2020, 9:45am

You may want to check out the composite agrgegation

shivamkrpandey · February 5, 2020, 10:39am

Hi spinscale, I tried composite too but not able to use "from" with it.

{
  "size": 0,
  "aggs": {
    "my_buckets": {
      "composite": {
        "sources": [
          {
            "eventNames": {
              "terms": {
                "field": "Name"
              }
            }
          },
          {
            "timestamps": {
              "terms": {
                "field": "Timestamp",
                "order": "desc"
              }
            }
          }
        ]
      }
    }
  }
}

spinscale · February 7, 2020, 2:02pm

you need to use size/after within the aggretation, see the end of the documentation.

system · March 6, 2020, 2:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.