Giau Huynh

Reputation: 300

ElasticSearch Date Histogram Interval

My query contains a filter with a from date and a to date, but when I use a date histogram aggregation, why is the start of the interval (sometimes) outside the from date to to date range? My query filters from 2015-01-01 to 2015-01-31, so the interval start date must be in the range 2015-01-01 to 2015-01-31, but the start date in my result is 2014-12-31. How can I define the start date to be in the range 2015-01-01 to 2015-01-31?

My full query:

{
  "size": 0,
  "aggs": {
    "cluster": {
      "terms": {
        "field": "cluster"
      },
      "aggs": {
        "histogram_Log": {
          "date_histogram": {
            "field": "actionTime",
            "interval": "1800m",
            "format": "dd/MM/YYYY hh:mm:ss"
          },
          "aggs": {
            "typelog": {
              "terms": {
                "field": "typeLog"
              }
            }
          }
        }
      }
    }
  },
  "query": {
    "filtered": {
      "filter": {
        "bool": {
          "must": [
            {
              "bool": {
                "must": [
                  {
                    "match_all": {}
                  },
                  {
                    "range": {
                      "actionTime": {
                        "lte": "2015-01-31T00:00:00.000",
                        "gte": "2015-01-01T00:00:00.000"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    }
  }
}

Upvotes: 2

Views: 3232

Answers (3)

ZeKai.Wang

Reputation: 1

Thank you for your question code. I solved it. I deleted some code from your template code, so I got this code to work. This is a very easy template for "date_histogram => date range" that is OK.

    var queryOptions = {
      "aggs": {
        "all_hours": {
          "date_histogram": {
            "field": "stamp",
            "interval": "1d",
            "format": "dd/MM/YYYY"
          }
        }
      },
      "query": {
        "filtered": {
          "filter": {
            "bool": {
              "must": [
                {
                  "bool": {
                    "must": [
                      {
                        "match_all": {}
                      },
                      {
                        "range": {
                          "stamp": {
                            "lte": "2016-10-20",
                            "gte": "2016-05-01"
                          }
                        }
                      }
                    ]
                  }
                }
              ]
            }
          }
        }
      }
    };

Upvotes: 0

Val

Reputation: 217554

Use the following format with HH instead. You're using hh, which is on a 12-hour scale instead of a 24-hour scale.

   "format": "dd/MM/YYYY HH:mm:ss"

UPDATE

Given your interval of 1800m, you also need to specify this offset

   "offset": "1d"

Upvotes: 2

Perryn Fowler

Reputation: 2232

The timestamp you have highlighted in your result is not the timestamp of a document, it is the start of your first bucket.

Your first bucket goes from 31/12/2014 00:00:00 to 01/01/2015 06:00:00.

You have filtered your query to only return documents with a timestamp later than 01/01/2015 00:00:00, but since that is before 01/01/2015 06:00:00 you have documents that fall into your first bucket.

If you want to also force your buckets to start at 01/01/2015 00:00:00 then you will need to specify it as the extended_bounds.min in the histogram aggregation.

Upvotes: 0
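
The bucket arithmetic behind the two answers above, as an added example (not code from any poster and not Elasticsearch's own implementation). It assumes fixed-width buckets counted from the Unix epoch in UTC and shifted by the offset; the sample timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
EPOCH = datetime(1970, 1, 1, tzinfo=UTC)
INTERVAL = timedelta(minutes=1800)          # "interval": "1800m" = 30 hours

def bucket_start(ts, interval=INTERVAL, offset=timedelta(0)):
    """Start of the fixed-width bucket that contains ts.

    Buckets are multiples of `interval` counted from the epoch, shifted by
    `offset`; the query's range filter plays no part in where they begin.
    """
    n = (ts - EPOCH - offset) // interval   # floor division gives an int
    return EPOCH + offset + n * interval

def histogram(timestamps, interval=INTERVAL, offset=timedelta(0)):
    """Map each bucket start to its document count, ordered by bucket start."""
    counts = {}
    for ts in timestamps:
        key = bucket_start(ts, interval, offset)
        counts[key] = counts.get(key, 0) + 1
    return dict(sorted(counts.items()))

# Constructed sample documents, all inside the filtered range from the question.
DOCS = [
    datetime(2015, 1, 1, 0, 0, tzinfo=UTC),
    datetime(2015, 1, 1, 5, 0, tzinfo=UTC),
    datetime(2015, 1, 1, 7, 0, tzinfo=UTC),
    datetime(2015, 1, 2, 12, 0, tzinfo=UTC),
]

if __name__ == "__main__":
    for label, offset in (("no offset", timedelta(0)), ("offset 1d", timedelta(days=1))):
        print(label)
        for start, count in histogram(DOCS, offset=offset).items():
            print("  ", start.strftime("%d/%m/%Y %H:%M:%S"), count)
```

Without an offset the first bucket key is 31/12/2014 00:00:00 even though every document is dated 01/01/2015 or later; with a one-day offset the first key becomes 01/01/2015 00:00:00.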
