1

I am trying to do aggregation on documents which contains datetime and CPU time and server name. I want to find the avg CPU time on latest date. I have the following query which partially works it gives me the avg CPU time but not on latest date it just randomly chooses date. 

client.prepareSearch("myindex").
       setTypes("mytype").
       setQuery(
           QueryBuilders.filteredQuery(QueryBuilders.matchAllQuery(),
           FilterBuilders.andFilter(FilterBuilders.termFilter("server","x")))).
       addAggregation(AggregationBuilders.avg("cpu_agg")
           .field("dt_time").field("cpu_time"))
       .get()

Please guide. I want avg cpu time on latest date say today's date. I am new to ElasticSearch. Thanks in advance.

Improve this question
2
  • Kinda strange search request. Why do you use andfilter with only one clause? And it is kind of deprecated - use boolfilter instead. Why do you provide two fields to avg aggregation? AFAIK it needs only one. If you want avg only for specified date use range filter on dt_time Commented Aug 3, 2014 at 14:55
  • yep, you should move your dt_time into the filtering part (i.e. remove it from aggregation and add another filter, that filters on latest date) Commented Aug 3, 2014 at 15:15

1 Answer 1

Reset to default
3 
   client.prepareSearch("myindex").
   setTypes("mytype").
   setQuery(
       QueryBuilders.filteredQuery(QueryBuilders.matchAllQuery(),
       FilterBuilders.andFilter(FilterBuilders.termFilter("server","x")))).
   addAggregation(AggregationBuilders.avg("cpu_agg")
       .field("dt_time").field("cpu_time"))
   .get()

look at the portion (where field is set to dt_time at first and replaced to cpu_time), which means aggregation is build for cpu_time,

If you want to get cpu time in today's date then one way is use date filter , 

       FilterBuilders.andFilter(FilterBuilders.termFilter("server","x"),FilterBuilders.rangeFilter("dt_time").to(to).from(from))))

For your problem, from = to = today_date (or last date)

so finally, 

client.prepareSearch("myindex").
                setTypes("mytype").
                setQuery(
                        QueryBuilders.filteredQuery(QueryBuilders.matchAllQuery(),
                                FilterBuilders.andFilter(FilterBuilders.termFilter("server", "x"), FilterBuilders.rangeFilter("dt_time").to("to").from("from")))).
                addAggregation(AggregationBuilders.avg("cpu_agg")
                        .field("cpu_time"))
                .get();
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Hi thanks a lot for the reply. How do I give input date if I dont know in advance. I want something like select max(date) from table;
You cannot feed a result of one (metric) aggregation to another, If you have to do max(date), then execute aggregation to get max date to get date, and do another aggregation for cpu_time.
Hi I tried to use Aggregation.max("dt_time_agg").field("dt_time") but it does not give me max date it somehow converts date into double exponential value. It would be great help if you help me find the max/latest date from documents.
You can ask a separate question for this, I or any-other can answer and find it useful.
I found solution max aggregation returns double which needs to be converted into long and then to datetime.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.