Hi,
Let's say I have documents with the fields name, surname, score and timestamp.
I'm aggregating them by the combination of name and surname, then getting the last score of the day for each pair over 1 week, BUT:
I'm trying to get the results sorted by @timestamp desc across several inputs, each of which covers 1 week.
I can easily aggregate them and add them together to get a whole month, but I can't sort them by day.
Are there any functions in Painless I could use, maybe in a script, to sort an array of maps by the @timestamp field?
My sample input chain:
{
"week_1": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"score"
],
"rest_total_hits_as_int": true,
"body": {
"size": 10000,
"query": {
"bool": {
"must_not": [
{
"term": {
"score": -1
}
}
],
"filter": [
{
"range": {
"@timestamp": {
"gte": "now-7d/d"
}
}
}
]
}
},
"aggs": {
"names": {
"terms": {
"field": "name",
"size": 10000
},
"aggs": {
"surnames": {
"terms": {
"field": "surname",
"size": 10000
},
"aggs": {
"days": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "day"
},
"aggs": {
"last_document": {
"top_hits": {
"size": 1,
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
}
}
}
}
}
}
}
}
}
}
},
{
"week_2": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"score"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"must_not": [
{
"term": {
"score": -1
}
}
],
"filter": [
{
"range": {
"@timestamp": {
"gte": "now-14d/d",
"lt": "now-8d/d"
}
}
}
]
}
},
"aggs": {
"names": {
"terms": {
"field": "name",
"size": 10000
},
"aggs": {
"surnames": {
"terms": {
"field": "surname",
"size": 10000
},
"aggs": {
"days": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "day"
},
"aggs": {
"last_document": {
"top_hits": {
"size": 1,
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
}
}
}
}
}
}
}
}
}
}
},
{
"all_score": {
"transform":{
"script":{
"source": """
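// Collects the last document of each day, per name/surname pair, from both
// weekly inputs into a single list and returns it as the transform result.
def docs = [];
// The payload is read under the input names shown above, week_1 and week_2;
// ctx.payload.cvss_score_week_1 matches no input in this chain.
// Order is kept as before: week_2 first, then week_1.
// NOTE(review): week_2 ends at lt now-8d/d while week_1 starts at gte now-7d/d,
// so the day in between appears to be covered by neither input; confirm.
for (week in [ctx.payload.week_2, ctx.payload.week_1]) {
  for (item in week.aggregations.names.buckets) {
    for (surnames in item.surnames.buckets) {
      for (day in surnames.days.buckets) {
        def hits = day.last_document.hits.hits;
        // By default date_histogram also returns buckets for days that have
        // no documents; their top_hits list is empty, so [0] would throw.
        if (!hits.isEmpty()) {
          docs.add(hits[0]);
        }
      }
    }
  }
}
return docs;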
""",
"lang": "painless"
}
}
}
}