Reputation: 15
I am new to Elasticsearch and am working on clustering an index of photos by their dates. In particular, I would like to group photos that are taken in 1.5 hours.
I know that Elasticsearch has the Date Histogram Aggregation property, but it only returns "doc_count". I need to see the items on the index, not just the numbers.
What kind of query would help with such a need?
For your reference, the query below:
    GET /account_index/_search
    {
      "aggs": {
        "zamanlar": {
          "date_histogram": {
            "field": "EXIF DateTimeOriginal",
            "interval": "1.5h"
          }
        }
      }
    }
Returns this:
    {
      "took": 6,
      "timed_out": false,
      "_shards": {
        "total": 5,
        "successful": 5,
        "failed": 0
      },
      "hits": {
        "total": 1688,
        "max_score": 0,
        "hits": []
      },
      "aggregations": {
        "zamanlar": {
          "buckets": [
            {
              "key_as_string": "2007:08:11 15:00:00",
              "key": 1186844400000,
              "doc_count": 7
            },
            {
              "key_as_string": "2007:08:11 18:00:00",
              "key": 1186855200000,
              "doc_count": 1
            },
            {
              "key_as_string": "2007:08:12 00:00:00",
              "key": 1186876800000,
              "doc_count": 7
            }
          ]
        }
      }
    }
I DON'T want doc_count, which is just a number. I need to see the actual "group members." Thanks in advance.
Upvotes: 1
Views: 833
Reputation: 217544
You can use the top_hits sub-aggregation for each bucket. That way you'd get the hits for each date interval.
    # "size" is the number of hits per bucket (you can change the size),
    # and "sort" sets their order (and the sorting, too).
    curl -XGET localhost:9200/account_index/_search -d '{
      "aggs": {
        "zamanlar": {
          "date_histogram": {
            "field": "EXIF DateTimeOriginal",
            "interval": "1.5h"
          },
          "aggs": {
            "hits": {
              "top_hits": {
                "size": 10,
                "sort": {"size": "desc"}
              }
            }
          }
        }
      }
    }'
Upvotes: 1
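Reading the group members out of such a response, as an added example that is not part of the original answer: the sample response and its document ids are constructed, and the top_hits aggregation is assumed to be named "hits" as in the query above. It also flags buckets where top_hits returned fewer documents than doc_count, which happens when "size" is smaller than the bucket.

```python
import json

# Constructed sample response (not from the original post): the shape returned
# when a top_hits sub-aggregation named "hits" sits under "zamanlar".
SAMPLE_RESPONSE = json.loads("""
{"aggregations": {"zamanlar": {"buckets": [
  {"key_as_string": "2007:08:11 15:00:00", "key": 1186844400000, "doc_count": 3,
   "hits": {"hits": {"hits": [
     {"_id": "a1", "_source": {"EXIF DateTimeOriginal": "2007:08:11 15:02:10"}},
     {"_id": "a2", "_source": {"EXIF DateTimeOriginal": "2007:08:11 15:40:00"}}
   ]}}},
  {"key_as_string": "2007:08:11 16:30:00", "key": 1186849800000, "doc_count": 0,
   "hits": {"hits": {"hits": []}}},
  {"key_as_string": "2007:08:11 18:00:00", "key": 1186855200000, "doc_count": 1,
   "hits": {"hits": {"hits": [
     {"_id": "b1", "_source": {"EXIF DateTimeOriginal": "2007:08:11 18:05:00"}}
   ]}}}
]}}}
""")


def group_members(response, agg_name="zamanlar", top_hits_name="hits"):
    """Return (bucket_label, member_ids, truncated) for every non-empty bucket.

    truncated is True when top_hits returned fewer documents than the bucket
    holds, i.e. the "size" in the query was too small to list every member.
    """
    groups = []
    for bucket in response["aggregations"][agg_name]["buckets"]:
        if bucket["doc_count"] == 0:
            continue  # empty interval, nothing to list
        # Path: <top_hits name> -> "hits" object -> "hits" array of documents
        docs = bucket[top_hits_name]["hits"]["hits"]
        ids = [doc["_id"] for doc in docs]
        groups.append((bucket["key_as_string"], ids, len(ids) < bucket["doc_count"]))
    return groups


if __name__ == "__main__":
    for label, ids, truncated in group_members(SAMPLE_RESPONSE):
        note = " (more members exist; raise size)" if truncated else ""
        print(f"{label}: {ids}{note}")
```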