Range aggregations

#1

Hello everybody,
Can we do range aggregations on an Elasticsearch datasource?
Like the below:

#2

Yes, using filter aggregation it would be possible.

#3

Really, I couldn’t get it to work!
This is the Kibana request (note that Kibana aggregates ranges on a scripted field):

{
  "size": 0,
  "aggs": {
    "2": {
      "range": {
        "script": {
          "inline": "!doc['End_epoch'].empty ? ((doc['End_epoch'].value - doc['epoch'].value )) : ''",
          "lang": "painless"
        },
        "ranges": [
          {
            "from": 0,
            "to": 20
          },
          {
            "from": 21,
            "to": 60
          },
          {
            "from": 61
          }
        ],
        "keyed": true
      }
    }
  },
  "version": true,
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "*",
            "analyze_wildcard": true
          }
        },
        {
          "exists": {
            "field": "End_Time"
          },
          "$state": {
            "store": "appState"
          }
        },
        {
          "range": {
            "timestamp": {
              "gte": 1500721947332,
              "lte": 1500725547333,
              "format": "epoch_millis"
            }
          }
        }
      ],
      "must_not": []
    }
  },
  "_source": {
    "excludes": []
  },
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {
        "highlight_query": {
          "bool": {
            "must": [
              {
                "query_string": {
                  "query": "*",
                  "analyze_wildcard": true,
                  "all_fields": true
                }
              },
              {
                "match_phrase": {
                  "SMSC": {
                    "query": "Etisalat_Dir"
                  }
                }
              },
              {
                "exists": {
                  "field": "End_Time"
                },
                "$state": {
                  "store": "appState"
                }
              },
              {
                "range": {
                  "timestamp": {
                    "gte": 1500721947332,
                    "lte": 1500725547333,
                    "format": "epoch_millis"
                  }
                }
              }
            ],
            "must_not": []
          }
        }
      }
    },
    "fragment_size": 2147483647
  }
}

Kibana response:

{
  "took": 1657,
  "timed_out": false,
  "_shards": {
    "total": 10,
    "successful": 10,
    "failed": 0
  },
  "hits": {
    "total": 1801,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "2": {
      "buckets": {
        "0.0-20.0": {
          "from": 0,
          "to": 20,
          "doc_count": 1542
        },
        "21.0-60.0": {
          "from": 21,
          "to": 60,
          "doc_count": 161
        },
        "61.0-*": {
          "from": 61,
          "doc_count": 91
        }
      }
    }
  },
  "status": 200
}

How could we do the same with Grafana?

#4

I have the exact same use case. Were you able to achieve this with Grafana?

#5

Open a feature request for support of range aggregations: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-range-aggregation.html
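
An added example, not part of any post in this thread: the filter-aggregation approach suggested in #2, applied to the ranges from the Kibana request in #3. It assumes the value the Painless script computes is indexed as a numeric field, here given the hypothetical name `duration`, because a Lucene query string cannot evaluate a script.

```python
import json

# Ranges copied from the Kibana request in post #3.
RANGES = [{"from": 0, "to": 20}, {"from": 21, "to": 60}, {"from": 61}]


def lucene_range(field, rng):
    """Lucene range with range-aggregation semantics: 'from' inclusive, 'to' exclusive."""
    lo = rng.get("from", "*")
    hi = rng.get("to", "*")
    # '[' is inclusive, '}' is exclusive; an open end is written '*'.
    right = "]" if hi == "*" else "}"
    return f"{field}:[{lo} TO {hi}{right}"


def bucket_key(rng):
    """Bucket label in the same style as the keyed Kibana response, e.g. '0.0-20.0'."""
    def fmt(value):
        return "*" if value is None else str(float(value))
    return f"{fmt(rng.get('from'))}-{fmt(rng.get('to'))}"


def filters_aggregation(field, ranges):
    """Build a `filters` aggregation with one query_string filter per range bucket."""
    return {
        "filters": {
            "filters": {
                bucket_key(r): {"query_string": {"query": lucene_range(field, r)}}
                for r in ranges
            }
        }
    }


def uncovered_gaps(ranges):
    """Return the [from, to) intervals that lie between consecutive buckets."""
    ordered = sorted(ranges, key=lambda r: r.get("from", float("-inf")))
    gaps = []
    for prev, nxt in zip(ordered, ordered[1:]):
        if "to" in prev and prev["to"] < nxt.get("from", float("-inf")):
            gaps.append((prev["to"], nxt["from"]))
    return gaps


if __name__ == "__main__":
    # 'duration' is an assumed field name, not one that appears in the thread.
    body = {"size": 0, "aggs": {"2": filters_aggregation("duration", RANGES)}}
    print(json.dumps(body, indent=2))
    print("intervals matching no bucket:", uncovered_gaps(RANGES))
```

Each generated query string can be entered as one filter of a Filters group-by in Grafana's Elasticsearch query editor. Because a range bucket includes `from` and excludes `to`, the ranges as posted leave values in [20, 21) and [60, 61) in no bucket, which `uncovered_gaps` reports.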