My documents are like this below:
{
"uri" : "post:1130a8ef197882bc3ebd",
"topic_list" : [
"bye",
"hello"
],
"datetime" : "2010-06-06T22:08:49"
}
I want to make a query to aggregate on both datetime and topic_list. My desired output is to tell me that on each time interval, how many docs has the hello topic in topic_list.
What I’ve tried was this:
{
"size": 0,
"aggs": {
"test": {
"terms": {
"field": "topic_list"
}
}
}
}
But the output just tell me how many docs containing every topic at all times and not in the intervals.
How can I create such aggregation?
>Solution :
You need to add two more things:
- a query to only restrict the results to documents containing the topic "hello". If you’re only interested in the document count per time interval, you don’t need the
termsaggregation on thetopic_listfield - a
date_histogramaggregation to create time intervals
Here is the query:
{
"size": 0,
"query": {
"term": {
"topic_list": "hello"
}
},
"aggs": {
"intervals": {
"date_histogram": {
"field": "date",
"calendar_interval": "1d"
}
}
}
}