Krzysztof Polak
Reputation: 45
Combining query with date histogram
I'd like to calculate number of documents from last hour and aggregate them in 5 minute buckets. This is my query:
GET logs-tsi-2019.05/tsi-json-log/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-1h",
"lt": "now"
}
}
},
{
"term" : {
"application" : "sso"
}
},
{
"query_string": {
"default_field": "*",
"query": "grant_type=refresh_token",
"analyze_wildcard": true
}
}
]
}
}
}
How to combine this query with date_histogram aggregation?
regards, Chris
Upvotes: 1
Views: 228
Answers (1)
Val
Reputation: 217254
Good start! You can do it like this:
GET logs-tsi-2019.05/tsi-json-log/_search
{
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-1h",
"lt": "now"
}
}
},
{
"term" : {
"application" : "sso"
}
},
{
"query_string": {
"default_field": "*",
"query": "grant_type=refresh_token",
"analyze_wildcard": true
}
}
]
}
},
"aggs": {
"5min": {
"date_histogram": {
"field": "@timestamp",
"interval": "5m"
}
}
}
}
Upvotes: 1
Related Questions
- Elasticsearch date histogram
- Elasticsearch Query: format issue when using Auto-interval date histogram aggregation
- Date histogram aggregation Elasticsearch
- ElasticSearch Date Histogram Aggregation considering dates within a Document range
- Fetch all time date_histogram buckets results
- Date_histogram aggregation returns bad results
- Elasticsearch 2.4 - Combining Date Range Filter with Date Histogram
- Elasticsearch Date Histogram aggregation with specific time range
- Elasticsearch date histogram aggregation on a duration of time
- Elasticsearch Date histogram Query