Use Date histogram interval in calculation?

Pieter_Agenbag · May 21, 2015, 3:05pm

Hi. Is it possible to use the interval of a date histogram aggregation in calculations of nested aggs ?
For instance, I have a query something like this:

{
  "size": 0,
  "query":{"filtered":{"query":{"match_all":{}}}}
  ,"aggs": {
    "x.interval": {
      "date_histogram": {
        "field": "timestamp",
        "interval": "1m",
        "pre_zone": "+02:00",
        "pre_zone_adjust_large_interval": true,
        "min_doc_count": 1,
        "extended_bounds": {
          "min": 1432215551896,
          "max": 1432219151896
        }
      },
      "aggs": {
        "y.value": {
          "sum": {
            "field": "to.bytes"
          }
        }
      }
    }
  }
}

That gives me a result something like this

   "aggregations": {
      "x.interval": {
         "buckets": [
            {
               "key_as_string": "2015-05-21T12:58:00.000Z",
               "key": 1432213080000,
               "doc_count": 15132,
               "y.value": {
                  "value": 236036536
               }
            },
            {
               "key_as_string": "2015-05-21T14:34:00.000Z",
               "key": 1432218840000,
               "doc_count": 17430,
               "y.value": {
                  "value": 5360547741
               }
            },
            {
               "key_as_string": "2015-05-21T14:35:00.000Z",
               "key": 1432218900000,
               "doc_count": 61721,
               "y.value": {
                  "value": 5192133328
               }
            },
            {
               "key_as_string": "2015-05-21T14:36:00.000Z",
               "key": 1432218960000,
               "doc_count": 53301,
               "y.value": {
                  "value": 4304589515
               }
            }

So, the inner buckets "y.value" is the sum of bytes used for a specific date interval (outer date aggregation "x.interval").
But I want to calculate the y.value as "sum(bytes) / interval" , to give me a bytes/second rate?

Thanx in advance.
Pieter

colings86 · May 22, 2015, 8:06am

You can't currently access the interval in sub-aggregations. However we have a derivative aggregation coming in 2.0 which you should be able to use to achieve what you describe above. Look at https://www.elastic.co/guide/en/elasticsearch/reference/master/search-aggregations-pipeline-derivative-aggregation.html for more information on the derivative aggregation

Topic		Replies	Views
Exponential interval in histogram Elasticsearch	1	586	December 7, 2016
Date Histogram Aggregation - decade interval Elasticsearch	3	1108	July 5, 2017
Date Histogram - group by hour interval across multiple days Elasticsearch	4	6619	April 21, 2017
Date_histogram buckets not as expected Elasticsearch	10	906	March 30, 2017
Date_histogram_aggs interval always 0 Elasticsearch	1	428	January 10, 2018

Use Date histogram interval in calculation?

Related topics