I have a terms bucket aggregation. Is there a way for me to get the date histogram for those individual bucket items by combining the date histogram with that?
Date histogram
{
  "dates": {
    "date_histogram": {
      "field": "pulbicationDate",
      "interval": "year",
      "format": "yyyy"
    }
  }
}
Buckets Aggregation
{
  "aggs": {
    "category": {
      "terms": {
        "field": "categoryId",
        "size": 200
      }
    }
  }
}
Combining both, I was expecting something like
{
  "buckets": {
    "item1": {
      "size": 10
    },
    "datehistogram": [
      {
        "year": 2020,
        "count": 8
      },
      {
        "year": 2021,
        "count": 2
      }
    ]
  }
}
Thank you
tmp13
(Petr Degtiarev)
September 20, 2021, 7:07am
2
I'm not sure I understood the question, but for example, on a simple index logs-* that has documents like this:
{
  "@timestamp" : 893964682,
  "clientip" : "247.37.0.0",
  "request" : "GET /images/hm_nbg.jpg HTTP/1.0",
  "status" : 304,
  "size" : 0
}
You can do a query (I split by month):
GET logs-*/_search
{
  "size": 0,
  "aggs": {
    "ip_list": {
      "terms": {
        "field": "clientip",
        "size": 200
      },
      "aggs": {
        "ip_over_time": {
          "date_histogram": {
            "field": "@timestamp",
            "calendar_interval": "month"
          }
        }
      }
    }
  }
}
and the result buckets will be:
...
{
  "key" : "129.0.0.0",
  "doc_count" : 277423,
  "ip_over_time" : {
    "buckets" : [
      {
        "key_as_string" : "1998-04-01T00:00:00.000Z",
        "key" : 891388800000,
        "doc_count" : 138
      },
      {
        "key_as_string" : "1998-05-01T00:00:00.000Z",
        "key" : 893980800000,
        "doc_count" : 51589
      },
      {
        "key_as_string" : "1998-06-01T00:00:00.000Z",
        "key" : 896659200000,
        "doc_count" : 225696
      }
    ]
  }
},
{
  "key" : "94.35.0.0",
  "doc_count" : 258085,
  "ip_over_time" : {
    "buckets" : [
      {
        "key_as_string" : "1998-05-01T00:00:00.000Z",
        "key" : 893980800000,
        "doc_count" : 40416
      },
      {
        "key_as_string" : "1998-06-01T00:00:00.000Z",
        "key" : 896659200000,
        "doc_count" : 217669
      }
    ]
  }
},
etc....
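Added example, not part of the original posts: a Python sketch that builds the same terms plus date_histogram nesting for any field pair, flattens the response into the per-item shape the question asked for, and flags a client whose monthly request count jumps sharply, which is a common use of this aggregation on access logs. The function names, the aggregation names `by_term` and `over_time`, and the growth factor are assumptions; the sample response is constructed from the two buckets shown above.

```python
# Added example: function and aggregation names here are hypothetical.
def build_query(terms_field, date_field, interval="month", size=200):
    """Terms aggregation with a date_histogram sub-aggregation in each bucket."""
    histogram = {"date_histogram": {"field": date_field, "calendar_interval": interval}}
    return {
        "size": 0,  # aggregations only, no hits
        "aggs": {
            "by_term": {
                "terms": {"field": terms_field, "size": size},
                "aggs": {"over_time": histogram},
            }
        },
    }

def reshape(response, period_len=7):
    """Flatten nested buckets to one record per term; period_len=7 keeps 'YYYY-MM'."""
    records = []
    for term in response["aggregations"]["by_term"]["buckets"]:
        hist = [{"period": b["key_as_string"][:period_len], "count": b["doc_count"]}
                for b in term["over_time"]["buckets"]]
        records.append({"key": term["key"], "size": term["doc_count"], "datehistogram": hist})
    return records

def spikes(records, factor=10):
    """Return (key, period, previous, count) where a period grew >= factor times."""
    found = []
    for rec in records:
        hist = rec["datehistogram"]
        for prev, cur in zip(hist, hist[1:]):
            if prev["count"] > 0 and cur["count"] >= factor * prev["count"]:
                found.append((rec["key"], cur["period"], prev["count"], cur["count"]))
    return found

def _bucket(ts, ms, n):
    return {"key_as_string": ts, "key": ms, "doc_count": n}

# Constructed response, using the two buckets shown in the answer above.
SAMPLE_RESPONSE = {"aggregations": {"by_term": {"buckets": [
    {"key": "129.0.0.0", "doc_count": 277423, "over_time": {"buckets": [
        _bucket("1998-04-01T00:00:00.000Z", 891388800000, 138),
        _bucket("1998-05-01T00:00:00.000Z", 893980800000, 51589),
        _bucket("1998-06-01T00:00:00.000Z", 896659200000, 225696)]}},
    {"key": "94.35.0.0", "doc_count": 258085, "over_time": {"buckets": [
        _bucket("1998-05-01T00:00:00.000Z", 893980800000, 40416),
        _bucket("1998-06-01T00:00:00.000Z", 896659200000, 217669)]}},
]}}}

if __name__ == "__main__":
    print(spikes(reshape(SAMPLE_RESPONSE)))
```

The body returned by `build_query("clientip", "@timestamp")` can be sent to `logs-*/_search` as in the answer above; `reshape` expects the aggregation names that `build_query` sets.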
Thank you, Petr Degtiarev.
Sorry for not being descriptive. I posted the same question again in this thread
https://discuss.elastic.co/t/date-histogram-for-bucket-aggregation/284592
and, funnily, posted the answer as a question again. Maybe I've done something wrong when hitting the cluster. Only after seeing your answer did I go back and try my answer/question again, and this time it works.
Thank you so much for your help.