Elasticsearch aggregation over timestamp

3.2k Views Asked by Skanda Nag At 05 April 2025 at 19:37

I'm having the following document in ElasticSearch:

"ipAddress": "192.168.10.12", "timestamp": "25 Oct 2015 20:00:00", "switchovers": 2

"ipAddress": "192.168.10.12", "timestamp": "26 Oct 2015 20:00:00", "switchovers": 1

How can I write an elasticsearch aggregation to find out switchovers[today] - switchovers[yesterday] grouped by IP address?

This is where i'm at:

{
"size": 0,
"query": {
  "match_all": {}
},
    "aggs": {
      "switchover_count_over_time": {
        "terms": {
          "field": "ipAddress"
        },
      }
  }
}'

Yet to figure out how to extract switchovers for each date (from oct. for example) and compute the difference from the previous day's switchover value..

Any help?

Original Q&A

There are 1 best solutions below

user3775217 On 24 November 2015 at 12:03

You can use date histogram aggregation on a date/timestamp field.Here is the linkhttps://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-datehistogram-aggregation.html.Add a terms aggregation on ipaddress/switchovers inside the date_histogram aggregation.

{
    "aggs" : {
        "date_interval" : {
            "date_histogram" : {
                "field" : "date",
                "interval" : "month"
            }, "aggs": {
              "switch_over": {
                "terms": {
                  "field": "ip/switchovers",
                  "size": 100
                }
              }
            }
        }
    }
}

Hope this works for you.

Elasticsearch aggregation over timestamp

There are 1 best solutions below

Related Questions in ELASTICSEARCH

Related Questions in LUCENE

Related Questions in ELASTICSEARCH-API

Trending Questions

Popular # Hahtags

Popular Questions