Peter
Reputation: 31691
Combining Range and Histogram Filter in ElasticSearch
Consider an event log stored in ElasticSearch. Events look like this
{
"timestamp": "2013-04-04T15:38:17Z",
"color": "red"
}
{
"timestamp": "2013-04-04T17:51:21Z",
"color": "green"
}
I want to draw frequency timelines per color. I know that I can get the timelines with two queries like this:
{
"query": {
"match": {
"color": "red"
}
},
"size": 0,
"facets": {
"freq": {
"date_histogram": {
"interval": "day",
"field": "timestamp"
}
}
}
}
The second query would "match": { "color": "green" }.
Can I combine these queries into one, that gives my either
- count(color) / day / bucket
- or one facet per color, containing the histogram for that color?
For two colors separate queries could work just fine, but as you might suspect this is a contrieved example. I am really dealing with more than ten colors and at this point a single query would be really nice.
Upvotes: 1
Views: 2792
Answers (1)
imotov
Reputation: 30163
You can combine facets for different colors into the same request using facet_filter:
{
"facets": {
"freq_red": {
"date_histogram": {
"interval": "day",
"field": "timestamp"
},
"facet_filter": {
"term": {
"color": "red"
}
}
},
"freq_green": {
"date_histogram": {
"interval": "day",
"field": "timestamp"
},
"facet_filter": {
"term": {
"color": "green"
}
}
}
}
}
Upvotes: 4
Related Questions
- Elasticsearch add range filter to aggregation
- Elastic Search combination of Range and Term filters
- elasticsearch range and term filter
- How to create a histogram in elasticsearch which takes into account date ranges
- Elasticsearch: Adding a filter range to each bucket in a date histogram
- term and range filters together in an elasticsearch query
- ElasticSearch: search in two different ranges with different aggregations for each
- Filter with elasticsearch
- Elasticsearch 2.4 - Combining Date Range Filter with Date Histogram
- Elasticsearch multiple range filters on same field