
elastic search count results by day


I have a lot of logs in Elasticsearch and need to count how many log documents there are per day over the last 10 days. Unfortunately my query doesn't return anything. Could you check where I made a mistake? Thanks in advance! :)

I need something like:

date : records
2023-03-17  256
2023-03-18  148

Below is my query, which has some mistake in it:

GET /index_name/_search
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-11d",
        "lte": "now-1d"
      }
    }
  },

    "aggs" : {
        "byDay" : {
            "date_histogram" : {
                "field" : "@timestamp",
                "calendar_interval" : "1d",
                "format" : "yyyy-MM-dd" 
            }
        }
    }
}

Result of executing the query above (note that `hits.total.value` is 0 and the `byDay` buckets are empty):

     {
       "took": 448,
       "timed_out": false,
       "_shards": {
         "total": 3,
         "successful": 3,
         "skipped": 0,
         "failed": 0
       },
       "hits": {
         "total": {
           "value": 0,
           "relation": "eq"
         },
         "max_score": null,
         "hits": []
       },
       "aggregations": {
         "byDay": {
           "buckets": []
         }
       }
     }

The documents in my index look like this (two sample hits from a search over the index):

{   "took": 621,   "timed_out": false,   "_shards": {
    "total": 3,
    "successful": 3,
    "skipped": 0,
    "failed": 0   },   "hits": {
    "total": {
      "value": 10000,
      "relation": "gte"
    },
    "max_score": 1,
    "hits": [
      {
        "_index": "logs-000001",
        "_id": "FDiUoYYB6jibW4tyO_7l",
        "_score": 1,
        "_source": {
          "@timestamp": "2023-03-02T09:08:08.029Z",
          "qid": "7079B4FEE7",
          "status": "status_A",
        }
      },
      {
        "_index": "logs-000001",
        "_id": "FTiUoYYB6jibW4tyO_7l",
        "_score": 1,
        "_source": {
          "@timestamp": "2023-03-02T09:08:08.057Z",
          "qid": "BE5694FEFB",
          "status": "status_A",
        }
      }
    ]   
} }

Solution

  • Your query is syntactically fine; the problem is the time window, not the aggregation. The sample documents you posted are from 2023-03-02, which falls outside the `now-11d` .. `now-1d` window at the time you ran the query (your expected output shows dates around 2023-03-17), so the `range` filter matched zero documents (`hits.total.value` is 0) and the `date_histogram` had nothing to bucket. For your example I widened the range to `now-31d` so those documents are included; I also added `"size": 0` so that only the aggregation buckets come back and no raw log documents are returned in `hits`. If you want whole calendar days rather than a window that starts at the current time of day, round the bounds with date math (`"gte": "now-11d/d"`, `"lte": "now-1d/d"`); `now` is evaluated in UTC unless you set `time_zone` on the range and the histogram.

    {
      "size": 0,
      "query": {
        "range": {
          "@timestamp": {
            "gte": "now-31d",
            "lte": "now-1d"
          }
        }
      },
      "aggs": {
        "byDay": {
          "date_histogram": {
            "field": "@timestamp",
            "calendar_interval": "1d",
            "format": "yyyy-MM-dd"
          }
        }
      }
    }
    

    Results:

     "aggregations" : {
        "byDay" : {
          "buckets" : [
            {
              "key_as_string" : "2023-03-02",
              "key" : 1677715200000,
              "doc_count" : 2
            }
          ]
        }
      }