elk stack - Modify ELK query that returns single count that is sum of counts for each of the last 30 days
I have an ELK query that returns counts for each of the past 30 days. I use the aggregation below for this:
'aggs': { 'group': { 'date_histogram': { 'field': timestampfield, 'interval': '1d', 'time_zone': timezone, 'min_doc_count': 1 } } }
Now I want to return a single count that is the sum of the above 30 values. I do not want to add up the results of the above query to get this; I want to modify the query so that it returns the total count directly. For this, in the above query, I tried changing 'interval': '1d' to:
'interval': '30d'
But it still returns 2 buckets. How do I modify the above query so that it returns a single count that is the sum of the counts received for each of the 30 days by the query above?
Please note that in an earlier part of the query I have added a part that specifies the date range (starttime and endtime are kept between now and 30 days before).
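The following is an added example, not part of the original post. It simulates fixed-interval bucketing on constructed timestamps to show why a 30-day range lands in two '30d' buckets, and builds a request body that returns the total alongside the daily buckets. Assumptions: fixed intervals are aligned to the epoch (UTC used here), "@timestamp" is a placeholder field name, and the sum_bucket pipeline aggregation is available in the Elasticsearch version in use.

```python
from collections import Counter

DAY = 86_400  # seconds per day


def histogram(timestamps, interval_days):
    """Fixed-interval bucketing: floor each epoch-second timestamp to a
    multiple of the interval counted from the epoch (UTC assumed)."""
    width = interval_days * DAY
    counts = Counter((ts // width) * width for ts in timestamps)
    return dict(sorted(counts.items()))


def sample_docs(start_day=19_000, days=30):
    """Constructed data: 1 to 3 documents on each day of a 30-day window."""
    docs = []
    for d in range(start_day, start_day + days):
        for n in range(d % 3 + 1):
            docs.append(d * DAY + 3_600 * n)
    return docs


def total_count_body(field="@timestamp", time_zone="UTC"):
    """Request body that keeps the daily buckets and adds their sum.
    The date-range filter from the question would sit in a "query" key."""
    return {
        "size": 0,
        "aggs": {
            "group": {"date_histogram": {"field": field, "interval": "1d",
                                         "time_zone": time_zone,
                                         "min_doc_count": 1}},
            # Sibling pipeline aggregation: sums doc counts of "group" buckets.
            "total": {"sum_bucket": {"buckets_path": "group>_count"}},
        },
    }


if __name__ == "__main__":
    docs = sample_docs()
    daily, wide = histogram(docs, 1), histogram(docs, 30)
    print("daily buckets:", len(daily), "sum:", sum(daily.values()))
    # The window starts mid-bucket, so it straddles two 30-day buckets.
    print("30d buckets:", list(wide.values()))
```

The sum of the daily counts equals the number of documents matched by the range query, so a request with "size": 0 that reads the hit total gives the same figure without any aggregation.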