You need to do it this way, i.e. add the date range as a query to reduce the document set, and then run the terms aggregation only on the documents that fall into that date range:
Terms Aggregation
A multi-bucket value source based aggregation where buckets are dynamically built - one per unique value.
Date Range Aggregation
A range aggregation that is dedicated for date values. The main difference between this aggregation and the normal range aggregation is that the from and to values can be expressed in Date Math expressions, and it is also possible to specify a date format by which the from and to response fields will be returned. Note that this aggregation includes the from value and excludes the to value for each range.
POST index/_search?size=0
{
"query": {
"bool": {
"must": [
{
"range": {
"tstamp": {
"gte": 1591795757000,
"lte" : 1591890413000
}
}
}
]
}
},
"aggs": {
"result": {
"terms": {
"field": "tstamp",
"size":171
}
}
}
}
No comments:
Post a Comment