Using Elasticsearch 1.1.1.
I'm trying to build a query of "page" views per second for the last 5 minutes for all accounts (so match all).
The mapping is...
    "xxx-20140526": {
      "mappings": {
        "xxx": {
          "properties": {
            "accountId": {
              "type": "long"
            },
            "hitTime": {
              "type": "date",
              "format": "dateOptionalTime"
            }
          }
        }
      }
    }
The query...
    POST /xxx-20140526/xxx/_search
    {
      "filter": {
        "range": {
          "timeHit": {
            "gte": "2014-05-26T13:40", // Date generated dynamically: now - 5 mins
            "lt": "2014-05-26T13:45"   // Date generated dynamically: now
          }
        }
      },
      "aggs": {
        "views_per_sec": {
          "date_histogram": {
            "field": "timeHit",
            "interval": "second"
          }
        }
      }
    }
But the aggregation also returns values from previous times...
    "aggregations": {
      "trx_per_sec": {
        "buckets": [
          {
            "key_as_string": "2014-05-26T13:36:46.000Z",
            "key": 1401111166000,
            "doc_count": 72
          },
          ... Other dates in the 30 mins range here...
          {
            "key_as_string": "2014-05-26T13:42:47.000Z",
            "key": 1401111167000,
            "doc_count": 5013
          }
        ]
      }
    }
1- Do aggregations consider the filter?
2- Is it the right way to filter for the last 5 minutes or should I look at date aggregations?
I also tried...
    {
      "aggs": {
        "range": {
          "date_range": {
            "field": "timeHit",
            "format": "yyyy-MM-dd HH:mm:ss",
            "ranges": [
              {
                "from": "now-5m"
              }
            ]
          }
        }
      }
    }
But this doesn't seem to return the right amount of docs.
OK, so I got it working. Here is the query...
    {
      "size": 0, // Size zero: don't return any docs, we only care about the aggregation.
      "aggs": {
        "last_5_mins": {
          "filter": {
            "range": {
              "hitTime": {
                "gte": "now-5m",
                "lte": "now"
              }
            }
          },
          "aggs": {
            "tps": {
              "date_histogram": {
                "field": "hitTime",
                "interval": "second"
              }
            }
          }
        }
      }
    }
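
An added example, not part of the original post: in Elasticsearch 1.x a top-level `filter` is applied to the returned hits only, after aggregations are computed, which is why the working query nests the histogram inside a `filter` aggregation. The sketch below builds that body and turns a response into a zero-filled per-second series, flagging any bucket outside the requested window (the symptom described in the question). The aggregation name `last_window`, the helper names and the sample response are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def build_query(field="hitTime", window="5m"):
    """Body whose range filter wraps the histogram, so it scopes the buckets."""
    return {
        "size": 0,  # hits are not needed, only the aggregation
        "aggs": {"last_window": {
            "filter": {"range": {field: {"gte": "now-" + window, "lte": "now"}}},
            "aggs": {"tps": {"date_histogram": {"field": field, "interval": "second"}}},
        }},
    }

def per_second_series(response, start, end):
    """Return ({second: doc_count} zero-filled over [start, end), stray buckets)."""
    series = {}
    t = start.replace(microsecond=0)
    while t < end:
        series[t] = 0
        t += timedelta(seconds=1)
    stray = []
    for b in response["aggregations"]["last_window"]["tps"]["buckets"]:
        ts = datetime.fromtimestamp(b["key"] / 1000, tz=timezone.utc)
        if ts in series:
            series[ts] = b["doc_count"]
        else:
            stray.append(b)  # outside the window: the filter did not scope the agg
    return series, stray

def ms(dt):
    """Epoch milliseconds, the unit of a date_histogram bucket key."""
    return int(dt.timestamp() * 1000)

# Constructed sample data, not output from the poster's cluster.
WINDOW_START = datetime(2014, 5, 26, 13, 40, tzinfo=timezone.utc)
WINDOW_END = WINDOW_START + timedelta(minutes=5)
SAMPLE = {"aggregations": {"last_window": {"tps": {"buckets": [
    {"key": ms(WINDOW_START - timedelta(seconds=10)), "doc_count": 9},
    {"key": ms(WINDOW_START), "doc_count": 72},
    {"key": ms(WINDOW_START + timedelta(seconds=2)), "doc_count": 5013},
]}}}}

if __name__ == "__main__":
    series, stray = per_second_series(SAMPLE, WINDOW_START, WINDOW_END)
    print(len(series), "seconds,", sum(series.values()), "views,", len(stray), "stray")
```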