0 
{
  "query": {
    "filtered": {
      "query": {
        "match": {
          "log_path": "message_notification.log"
        }
      },
      "filter": {
        "numeric_range": {
          "time_taken": {
            "gte": 10
          }
        }
      }
    }
  },
  "aggs": {
    "distinct_user_ids": {
      "cardinality": {
        "field": "user_id"
      }
    }
  }
}

I have to run this query 20 times as i want to know notification times above each of the following thresholds- [10,30,60,120,240,300,600,1200..]. Right now, i am running a loop and making 20 queries for fetching this.

Is there a more sane way to query elasticsearch once and get ranges that fall into these thresholds respectively?

Improve this question

1 Answer 1

Reset to default
1

What you probably want is a "range aggregation".

Here is the possible query where you can add more range or alter them -

{ "size": 0, "query": { "match": { "log_path": "message_notification.log" } }, "aggs": { "intervals": { "range": { "field": "time_taken", "ranges": [ { "to": 50 }, { "from": 50, "to": 100 }, { "from": 100 } ] }, "aggs": { "distinct_user_ids": { "cardinality": { "field": "user_id" } } } } } }

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.