I need to filter a group of values based on date (added field here) and then group it by device_id. So I am using the following thing :
{
"aggs":{
"dates_between":{
"filter": {
"range" : {
"added" : {
"gte": "2014-07-01 00:00:00",
"lte" :"2014-08-01 00:00:00"
}
}
},
"aggs": {
"group_by_device_id": {
"terms": {
"field": "device_id"
}
}
}
}
}
}
This is giving me an error "Failed to parse source" when executing the query. This is the right way of doing it ?
If I execute the date aggregation only it is showing values which are not in the specified date range
It is the other way around dates_between is a nested aggregation of group_by_device_id
"aggs": {
"group_by_device_id": {
"terms": {
"field": "device_id"
},
"aggs": {
"dates_between": {
"filter": {
"range": {
"added": {
"gte": "2014-07-01 00:00:00",
"lte": "2014-08-01 00:00:00"
}
}
}
}
}
}
}
You could also move the filter into the the query:
{
"query": {
"filtered": {
"query": {
"match_all": {}
},
"filter": {
"range": {
"added": {
"gte": "2014-07-01 00:00:00",
"lte": "2014-08-01 00:00:00"
}
}
}
}
},
"aggs": {
"group_by_device_id": {
"terms": {
"field": "device_id"
}
}
}
}