We want to visualize the amount of time a user spend on our websites.
Let's say each user action on such a website has a timestamp (@timestamp) and the name of the site (page) and the users name (user). So we term-aggregate the documents by their user field, sub-aggregrate by the page field and then… then what? We thought about max and min metrics but it does not seem possible to calculate the difference between them. We thought about serial_diff aggregration but it is always embedded inside a histogram which is not what we want, I guess.
Does anybody have a good idea on that topic?
Hi @darefilz!
The use case you've described is a common case which aggregations don't do a great job of handling themselves. The best solution is really to index some additional information in something we like to call "entity-centric indexing".
Here's a video that describes entity-centric indexing, using your exact case as an example:
Hope this helps!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.