Elasticsearch: Time Range aggregation is not working as expected

python elasticsearch aggregate aggregate-functions elasticsearch-aggregation

Your query is right but ES stores date in UTC and hence you are getting everything back. From the documentation

In JSON documents, dates are represented as strings. Elasticsearch uses a set of preconfigured formats to recognize and parse these strings into a long value representing milliseconds-since-the-epoch in UTC.

You could use the pytz module and store dates in UTC in ES. Refer to this SO question.

You could also use time_zone param in range query, also it is better to aggregate on filtered results rather than get all the results and then filter on all of them.

GET /logs_2016-11-03/logs/_search{  "query": {    "bool": {      "filter": {        "range": {          "@timestamp": {            "gte": "2016-11-03T07:15:35",         <----- You would need absolute value            "time_zone": "-01:00"              <---- timezone setting          }        }      }    }  },  "aggs": {    "just_stats": {      "stats": {        "field": "value"      }    }  },  "size": 0}

You would have to convert desired time(now-1m, now-15s) to format yyyy-MM-dd'T'HH:mm:ss for time_zone param to work as now is not affected by time_zone so best option is to convert dates to UTC and store it.

CodeHunter

Elasticsearch: Time Range aggregation is not working as expected

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last