I have the following query which groups by a primary key mainjobid and then groups by a supplied time interval. I would like to restrict the aggregation and hits to a time range supplied by two datetime objects. Setting the Size limits the number of hits but I cannot figure out how to do the same thing for aggregates and how to set a global date range for both?
SearchResponse<LogLine> response = await _elasticsearchClient.SearchAsync<LogLine>(r =>
{
r.QueryLuceneSyntax(request);
r.Aggregations(arr =>
{
arr.Terms("group_by_mainjobid", i =>
{
i.Field(p => p.Fields.MainJobId);
i.Aggregations(agg =>
{
agg.DateHistogram("group_by_time", e =>
{
e.Field(p => p.TimeStamp).CalendarInterval(interval);
});
});
});
});
r.Index(Indices.Parse("log-index-*"));
r.Size(512);
});
Update: I was able to restrict the aggregates into a singular date range but the hits are unaffected. I tried to update the query string to include the timestamp range but that's not working.
SearchResponse<LogLine> response = await _elasticsearchClient.SearchAsync<LogLine>(r =>
{
r.QueryLuceneSyntax(request);
r.Aggregations(arr =>
{
arr.DateRange("range", darr =>
{
darr.Field(p => p.TimeStamp);
darr.Ranges(desc =>
{
desc.From(new FieldDateMath(DateMath.FromString(from.ToString("o", CultureInfo.InvariantCulture))));
desc.To(new FieldDateMath(DateMath.FromString(to.ToString("o", CultureInfo.InvariantCulture))));
});
darr.Aggregations(rarr =>
{
rarr.Terms("group_by_mainjobid", i =>
{
i.Field(p => p.Fields.MainJobId);
i.Aggregations(agg =>
{
agg.DateHistogram("group_by_time", e =>
{
e.Field(p => p.TimeStamp).CalendarInterval(interval);
});
});
});
});
});
});
r.Index(Indices.Parse("log-index-*"));
r.Size(logSize);
});
In c# for me to make a query to elastic between two dates and have both aggregations and hits respect it using the Lucene query language was to include the following snippet in my query string. No other changes were needed.
$"@timestamp:[\"{from:o}\" TO \"{to:o}\"]"