Yoni Levine
Reputation: 63
Evenly Distribute Number of Results Across a Date Range Elasticsearch Opensearch
I'm currently running an open wildcard Elasticsearch query across 30-day date range that looks like this
{'query': {'bool': {'must': [{'query_string': {'query': '*', 'fields': ['full_text']}}, {'range': {'datetime': {'gte': '2024-01-02T01:45:50Z', 'lt': '2024-02-01T01:45:50Z'}}}, {'terms': {'country': ['us']}}]}}, 'from': 0, 'size': 1000}}
The query looks across multiple indices, and the issue I'm running into is that all of the results are from the last day or two. Is there any way to design this query so that I can receive an equal number of results per day (e.g. size/#days 1000/30)?
I've tried using aggs with a date_histogram, but it just seems to return the document count in the aggregations.
Thanks
Upvotes: 0
Views: 57
Answers (1)
D.T
Reputation: 537
You might want to add a top_hits aggregation as a sub aggregation to your date_histogram, this would return the top result for each date.
Try this aggregation to your query:
"aggs": {
"grouping": {
"date_histogram": {
"field": "datetime",
"interval": "1d",
"min_doc_count": 1
},
"aggs": {
"top_five": {
"top_hits": {
"size": 5
}
}
}
}
}
Upvotes: 0
Related Questions
- Why does pipeline aggs query fail if it includes filter aggs?
- Elasticsearch - search across multiple indices with conditional decay function
- How to boost most popular (top quartile) in elasticsearch query results (outliers)
- how to get aggregate aggregations by indices in a multiple index search?
- Elasticsearch: Query partly affect the aggregation result for date histogram on nested field
- Elasticsearch query_string with date math