How to group documents by hour in elasticsearch?

Question

I have my documents indexed in different times. Now I need to group these documents by per hour of day.That is the buckets after aggregation should show ranges from 00 to 23. is this kind of sorting possible in elasticsearch?

Answer 1

Probably late to the party, but this kind of aggregation is not directly possible using Elasticsearch. There are couple of workarounds though:

1. You can store the hour field as a separate field at the time of indexing.
2. You can use the histogram provided by Elasticsearch and merge the results in application code.
3. You could use the script as suggested by @Heschoon. (One wrinkle is if this is in prod, you might have disabled inline scripts, so you can't directly do this in query. Instead you will need to add a script)

Answer 2

If you want to group your documents by hour-of-day, without taking into account the year, date, milliseconds, you may want to use the following aggregation:

{
    "aggs": {
        "perHour": {
            "terms": {
            "script": "Date date = new Date(doc['dateCreated'].value) ;java.text.SimpleDateFormat format = new java.text.SimpleDateFormat('HH');format.format(date)"
            }
        }
    }
}

The HH means that we want to get the hour-of-day. You will get 24 buckets, each one corresponding to one hour. This also can work for day-of-week statistics as say in this answer.

If you otherwise want to have hourly buckets for each day, use the date_histogram solution:

{
"aggs": {
  "Group By Date": {
     "date_histogram": {
        "field": "dateCreated",
        "interval": "hour",
        "format" : "k"
        }
     }
  }
}

Answer 3

Use date_histogram and set format as "k"

{
"aggs": {
  "Group By Date": {
     "date_histogram": {
        "field": "dateCreated",
        "interval": "hour",
        "format" : "k"

        }
     }
  }
}