Query for values not present for the last 90 days

ChristianOelsner · July 11, 2022, 10:39am

Hello forum,
I am trying to wrap my head around a query.

In order to weed out some users i need to search for values in field "data.authenticationInfo.metadata.identifier.keyword" not present in the last 90 days.

Could a kind soul point me in the right direction on how to query for that?

Best regards

Oelsner

Christian_Dahlqvist · July 11, 2022, 3:54pm

Some additional context might be useful. Are you using time-based indices? How much data do you have? What is the cardinality of the field you mentioned? Which version of Elasticsearch are you using?

Tomo_M · July 13, 2022, 1:37pm

Answering the question without knowing the asked context, one possibility is that

terms aggregate on data.authenticationInfo.metadata.identifier.keyword
max aggregation of "time" field as a sub-aggregation for 1.
bucket selector aggregation for the result of max "time" field as a pipeline aggregation for 1.

system · August 10, 2022, 1:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Query the list of changes for a keyword field Elasticsearch	3	457	June 3, 2018
Finding changes (diffs) Elasticsearch	2	750	January 6, 2017
Distinct values of one field based on date range Elasticsearch	2	622	January 7, 2021
Terms Aggregation, but over a time period? Elasticsearch	5	1706	March 11, 2020
Issue with query on not indexed field Elasticsearch	1	337	December 25, 2018

Query for values not present for the last 90 days

Related topics