My Elasticsearch index mappings -
{
"mappings": {
"properties": {
"timestamp": {
"type": "date"
},
"detail": {
"type": "nested",
"properties": {
"attributes": {
"properties": {
"levelValue": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
}
}
}
Possible values of levelValue -> A, B, C
A new document is created in my index whenever levelValue changes it's value
I want to create a time series graph which will show the levelValue of objects over time and I am trying to use cumulative sum query to achieve this.
and I cannot change my index mappings.
Query
{
"size": 0,
"aggs": {
"updates_over_time": {
"date_histogram": {
"field": "timestamp",
"calendar_interval": "day"
}
},
"detail": {
"nested": {
"path": "detail"
},
"aggs": {
"levelValue_updates": {
"terms": {
"field": "detail.attributes.levelValue.keyword"
}
},
"cumulative_levelValue_updates": {
"cumulative_sum": {
"buckets_path": "levelValue_updates"
}
}
}
}
}
}
I am getting the following error -
\"reason\":\"Validation Failed: 1: cumulative_sum aggregation [cumulative_levelValue_updates] must have a histogram, date_histogram or auto_date_histogram as parent;\"