i tried using following query:
curl -xget 'localhost:9200/<index>/<type>/_search?pretty=true' -d ' { "size": 0, "query" : { "range" : { "_timestamp" : { "from" : "1420070400", "to" : "1451606400" } } }, "aggs": { "langs": { "terms": { "field": "<field>" } } } } ' the from/to detailed here january 1st 2015 till january 1st 2016. result query identical compared not having "query" part in query @ all.
what want achieve document count happens in given timerange, not existing documents of time
the mapping of type i'm working defined this:
"_timestamp" : { "enabled" : true, "store" : true, "format" : "date_time" } am doing wrong or working on mistaken assumption?
edit: clarify, i'm looking way see how many documents es has created in last 24 hours, per index, per type. not that, want aggregation on this.
so, let's our type "art" , field i'm aggregating on "type_of_art".
while in total there millions of documents, in last 24 hours there 7 statues, 5 painting , 3 operas got added. instance.
and if wanted know how created between october 1, 2014 , november 15, 2014, imagine exact same query produce result need.
the values dates held in milliseconds, correct query is:
{ "size": 0, "query" : { "range" : { "_timestamp" : { "from" : "1420070400000", "to" : "1451606400000" } } }, "aggs": { "langs": { "terms": { "field": "<field>" } } } } 
Comments
Post a Comment