elasticsearchkibanadate-histogram
How to get all buckets of last 24hrs in date histogram in elasticsearch
I am using Date Histogram with Minimum interval as Hourly to get the results of Last 24 Hours and getting below graph. (v is 7.4)
The request is ,
GET access*/_search?pretty=true
{
"aggs": {
"2": {
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1h",
"time_zone": "Asia/Calcutta",
"min_doc_count": 0,
"format": "k"
}
}
},
"size": 0,
"_source": {
"excludes": []
},
"stored_fields": [
"*"
],
"docvalue_fields": [
{
"field": "@timestamp",
"format": "date_time"
}
],
"query": {
"bool": {
"must": [],
"filter": [
{
"match_all": {}
},
{
"match_phrase": {
"Request_URI": {
"query": "\"/isp/v1/*\""
}
}
},
{
"range": {
"@timestamp": {
"format": "strict_date_optional_time",
"gte": "now-24h",
"lte": "now"
}
}
}
],
"should": [],
"must_not": []
}
}
}
In the curl response, i am getting below
"buckets" : [
{
"key_as_string" : "9",
"key" : 1627270200000,
"doc_count" : 44
},
{
"key_as_string" : "10",
"key" : 1627273800000,
"doc_count" : 51
},
{
"key_as_string" : "11",
"key" : 1627277400000,
"doc_count" : 0
},
{
"key_as_string" : "12",
"key" : 1627281000000,
"doc_count" : 0
},
{
"key_as_string" : "13",
"key" : 1627284600000,
"doc_count" : 0
},
{
"key_as_string" : "14",
"key" : 1627288200000,
"doc_count" : 3
},
{
"key_as_string" : "15",
"key" : 1627291800000,
"doc_count" : 16
},
{
"key_as_string" : "16",
"key" : 1627295400000,
"doc_count" : 57
}
Although for last 24h, data first start coming at 9AM but why it's not returning all buckets before 9AM if i am using now-24h .i.e its not showing all last 24 buckets. How can i get that?
Thanks,
Solution
You need to use extended_bounds in order to make sure to get the first buckets which contain no documents:
"date_histogram": {
"field": "@timestamp",
"calendar_interval": "1h",
"time_zone": "Asia/Calcutta",
"min_doc_count": 0,
"format": "k",
"extended_bounds": {
"min": "now-24h",
"max": "now"
}
}
- Constrain a Specman list so it doesn't have identical values in consecutive elements
- How to type cast a list of uint to a list of vr_ahb_data in Specman?
- Static fields/methods in e
- What is the difference between deep_copy and gen keeping in Specman?
- Specman UVM: What is the difference between write_reg { .field == 2;}; and write_reg_fields?
- Does Specman support optional parameters to a method?
- Specman e: When colon equal sign ":=" should be used?
- Specman e: Is there a way to know how many values there is in an enumerated type?
- Specman e error: No match for file when using "for each line in file"
- How to run e file one by one? Not in parallel test
- Specman/e constraint (for each in) iteration
- Specman e: How driver's items queue can be locked from a sequence?
- Specman e: How to print variable's address?
- Specman e: "keep type .. is a" fails to refine the type of a field
- Specman soft select on variable, decimal vs. hexadecimal values
- Specman e: How to print a pointer to a struct?
- Specman e: Is there a way to print unit instance name?
- Specman e: simultaneous events error
- Specman e coverage: ignored values appear in the coverage statistics
- Specman e: How a sequence should be started when gen_and_start_main constrained to FALSE?
- Specman/e list of lists (multidimensional array)
- Does Specman e have struct constructor?
- Specman e: How the predefined sequence.item should be used?
- Specman e: define-as-computed macro error
- Specman e UVM: Why to inherit from uvm_* units?
- Specman e: A sequence drives its BFM also its MAIN was not defined in a test
- e HVL (IEEE 1647): expect expression fails unexpectedly
- Specman e subtyping: How to refer to FALSE value of conditional field in when/extend subtyping?
- e HVL (IEEE 1647): How to set 'X' value?
- Difference between declaring an event that is sensitive to a simple_port value and event_port