I have a field cid that I need to find the distinct values of. But I want those cid that satisfy my date range constraint. What I mean is, I want distinct cid that were added to my Elasticsearch Database during the given time range.
I have tried many approaches, most of them just return all values and don't aggregate.
{
  "aggs": {
    "daterange": {
      "range": {
        "field": "@timestamp",
        "ranges": [
          {"from": "2019-05-02", "to": "2019-05-03"}
        ]
      },
      "aggs": {
        "result": {
          "terms": {
            "field": "cid.keyword"
          }
        }
      }
    }
  },
  "_source": "cid"
}
I expect the distinct values of cid but what I get is all values that comply with the time range.
Update:
Val's answer works after changing my URL from /index/search?size=100 to /index/search
You need to do it this way, i.e. add the date range as a query to reduce the document set, and then run the terms aggregation only on the documents that fall into that date range:
{
  "size": 0,
  "query": {
    "range": {
      "@timestamp": {
        "gte": "2019-05-02",
        "lt": "2019-05-03"
      }
    }
  },
  "aggs": {
    "result": {
      "terms": {
        "field": "cid.keyword"
      }
    }
  }
}
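
An added example, not part of the answer above and not Elasticsearch's own code: a terms aggregation returns only its 10 largest buckets unless its size is raised, so this example goes beyond the answer and pages through every distinct cid in the date range with a composite aggregation. The `search` callable (anything that posts a body to the index's search endpoint and returns the parsed JSON), the `fake_search` stand-in and the sample documents are assumptions constructed for the illustration.

```python
from typing import Callable, List, Optional

def build_body(gte: str, lt: str, after: Optional[dict] = None, page_size: int = 1000) -> dict:
    """Range query narrows the document set; the composite agg pages over distinct cid values."""
    composite = {"size": page_size,
                 "sources": [{"cid": {"terms": {"field": "cid.keyword"}}}]}
    if after is not None:
        composite["after"] = after  # resume after the last key of the previous page
    return {
        "size": 0,  # return aggregation buckets only, no hits
        "query": {"range": {"@timestamp": {"gte": gte, "lt": lt}}},
        "aggs": {"result": {"composite": composite}},
    }

def distinct_cids(search: Callable[[dict], dict], gte: str, lt: str,
                  page_size: int = 1000) -> List[str]:
    """Collect every distinct cid with gte <= @timestamp < lt, one page at a time."""
    cids: List[str] = []
    after = None
    while True:
        agg = search(build_body(gte, lt, after, page_size))["aggregations"]["result"]
        cids.extend(bucket["key"]["cid"] for bucket in agg["buckets"])
        after = agg.get("after_key")  # absent once no buckets are left
        if not agg["buckets"] or after is None:
            return cids

# Constructed sample documents and an offline stand-in for the cluster (assumptions).
SAMPLE_DOCS = [
    {"@timestamp": "2019-05-01T23:59:59", "cid": "c-000"},
    {"@timestamp": "2019-05-02T00:00:00", "cid": "c-101"},
    {"@timestamp": "2019-05-02T08:15:00", "cid": "c-102"},
    {"@timestamp": "2019-05-02T09:30:00", "cid": "c-101"},
    {"@timestamp": "2019-05-02T17:45:00", "cid": "c-103"},
    {"@timestamp": "2019-05-02T23:59:59", "cid": "c-102"},
    {"@timestamp": "2019-05-03T00:00:00", "cid": "c-104"},
]

def fake_search(body: dict) -> dict:
    """Mimics the response shape of a range query plus composite aggregation."""
    rng = body["query"]["range"]["@timestamp"]
    comp = body["aggs"]["result"]["composite"]
    after = comp.get("after", {}).get("cid", "")
    counts: dict = {}
    for doc in SAMPLE_DOCS:
        if rng["gte"] <= doc["@timestamp"] < rng["lt"] and doc["cid"] > after:
            counts[doc["cid"]] = counts.get(doc["cid"], 0) + 1
    keys = sorted(counts)[: comp["size"]]
    result = {"buckets": [{"key": {"cid": k}, "doc_count": counts[k]} for k in keys]}
    if keys:
        result["after_key"] = {"cid": keys[-1]}
    return {"aggregations": {"result": result}}
```

With a real cluster, pass a function that sends the body with your HTTP or Elasticsearch client in place of `fake_search`.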