Trying to find latest time stamp in aggregation


(BethZelasky) #1

I have written a query in Elasticsearch using range on a timestamp field. I need to find the latest timestamp for each group. First I perform the query, then group by the name field, then try to select the latest timestamp by sorting, then using top_hits with size set to 1.

But it is not working; I am seeing multiple names returned with the same timestamp.

Any suggestions are appreciated. Below is the JSON I use for the search POST query from Postman. I am using a bool query because we plan to add more queries once I get this working.

{
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "timestamp": {
              "gte": "2016-10-05T15:00:35",
              "lte": "2016-10-06T15:10:35"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "groupbyname": {
      "terms": {
        "field": "name"
      },
      "aggs": {
        "top_group_hits": {
          "top_hits": {
            "sort": [
              {
                "timestamp": {
                  "order": "desc"
                }
              }
            ],
            "size": 1
          }
        }
      }
    }
  }
}
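The following is an added example, not part of the original post: a small Python emulation of what the query above computes (range filter, one terms bucket per name, newest hit per bucket), run over constructed documents. It assumes `name` is indexed as a whole, non-analyzed value; the function names, the sample data and the tie-break by name are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%dT%H:%M:%S"

# Constructed sample documents (not from the original post).
DOCS = [
    {"name": "alpha", "timestamp": "2016-10-05T16:00:00"},
    {"name": "alpha", "timestamp": "2016-10-06T09:30:00"},
    {"name": "beta", "timestamp": "2016-10-06T09:30:00"},
    {"name": "beta", "timestamp": "2016-10-05T18:45:10"},
    {"name": "gamma", "timestamp": "2016-10-04T11:00:00"},  # before gte: filtered out
    {"name": "gamma", "timestamp": "2016-10-06T15:10:35"},  # equal to lte: kept
]

def latest_per_name(docs, gte, lte, bucket_limit=10):
    """Emulate range query -> terms(name) -> top_hits(sort timestamp desc, size 1)."""
    lo, hi = datetime.strptime(gte, FMT), datetime.strptime(lte, FMT)
    buckets = defaultdict(list)
    for doc in docs:
        ts = datetime.strptime(doc["timestamp"], FMT)
        if lo <= ts <= hi:  # gte and lte are both inclusive bounds
            buckets[doc["name"]].append((ts, doc))
    # terms aggregation: buckets ordered by doc_count descending, 10 returned by
    # default (ties are ordered by name here so the output is deterministic).
    ordered = sorted(buckets.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    # top_hits, size 1, sort desc: the single newest document inside each bucket.
    return {name: max(hits, key=lambda h: h[0])[1]["timestamp"]
            for name, hits in ordered[:bucket_limit]}

def names_sharing_latest(result):
    """Map each latest timestamp to the names that share it (two or more only)."""
    by_ts = defaultdict(list)
    for name, ts in result.items():
        by_ts[ts].append(name)
    return {ts: sorted(names) for ts, names in by_ts.items() if len(names) > 1}

if __name__ == "__main__":
    res = latest_per_name(DOCS, "2016-10-05T15:00:35", "2016-10-06T15:10:35")
    for name, ts in res.items():
        print(name, ts)
    print("shared:", names_sharing_latest(res))
```

With this data two different names report the same latest timestamp because each has a document written at that instant, and any name past the bucket limit is not returned at all.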

