KdgDev

Reputation: 14549

Elasticsearch: amount of new documents, per type, in the last 24 hours (or time period)

I tried using the following query:

curl -XGET 'localhost:9200/<index>/<type>/_search?pretty=true' -d '
{
  "size": 0,
  "query" : { "range" : { "_timestamp" : { "from" : "1420070400", "to" : "1451606400" }  }  },
  "aggs": {
    "langs": {
      "terms": {
        "field": "<field>"
      }
    }
  }
}
'

The from/to detailed here is January 1st 2015 till January 1st 2016. The result from this query is identical compared to not having the "query" part in the query at all.

What I want to achieve is that the document count happens only in the given time range, not for all existing documents of that time.

The mapping of the type I'm working with is defined with this:

"_timestamp" : {
    "enabled" : true,
    "store" : true,
    "format" : "date_time"
}

Am I doing it wrong or am I working on a mistaken assumption?

EDIT: To clarify, I'm looking for a way to see how many documents ES has created in the last 24 hours, per index, per type. But not only that, I want to do an aggregation on this.

So, let's say our type is "art" and the field I'm aggregating over is "type_of_art".

While in total there could be millions of documents, in the last 24 hours there would only be 7 statues, 5 paintings and 3 operas that got added. For instance.

And if I wanted to know how much was created between October 1, 2014 and November 15, 2014, I imagine that exact same query would produce the result I need.

Upvotes: 0

Views: 515

Answers (1)

Andrei Stefan

Reputation: 52368

The values for dates are held in milliseconds, so the correct query is:

{
  "size": 0,
  "query" : { "range" : { "_timestamp" : { "from" : "1420070400000", "to" : "1451606400000" }  }  },
  "aggs": {
    "langs": {
      "terms": {
        "field": "<field>"
      }
    }
  }
}

Upvotes: 1
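
The unit conversion from the answer above, as an added example that is not part of the original question or answer: it builds the same request body from datetimes for a fixed window or for the last 24 hours, and shows which instant a bound written in seconds denotes when it is read as milliseconds. The function names are hypothetical, and `type_of_art` is the field from the question's example.

```python
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def to_epoch_millis(dt):
    """Convert a timezone-aware datetime to epoch milliseconds (integer math, no float rounding)."""
    if dt.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    return (dt - EPOCH) // timedelta(milliseconds=1)


def read_as_millis(value):
    """Return the instant a numeric range bound denotes when it is read as milliseconds."""
    return EPOCH + timedelta(milliseconds=int(value))


def counts_query(start, end, field):
    """Build the body from the answer: a range on _timestamp plus a terms aggregation."""
    return {
        "size": 0,
        "query": {"range": {"_timestamp": {
            "from": str(to_epoch_millis(start)),
            "to": str(to_epoch_millis(end)),
        }}},
        "aggs": {"langs": {"terms": {"field": field}}},
    }


def last_24h_query(field, now=None):
    """Same body, with the window ending at `now` (default: current UTC time)."""
    now = now or datetime.now(timezone.utc)
    return counts_query(now - timedelta(hours=24), now, field)


if __name__ == "__main__":
    start = datetime(2015, 1, 1, tzinfo=timezone.utc)
    end = datetime(2016, 1, 1, tzinfo=timezone.utc)
    # The window from the question, with bounds in milliseconds
    print(json.dumps(counts_query(start, end, "type_of_art"), indent=2))
    # The question's original bounds, read as milliseconds
    print(read_as_millis("1420070400"), "to", read_as_millis("1451606400"))
    # Rolling 24-hour window
    print(json.dumps(last_24h_query("type_of_art"), indent=2))
```
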
