Focusing on a specific day and changing intervals

Next, we will look at how to focus on a specific day by filtering out the data for other time periods and reducing the interval to a smaller value. We want an hourly breakdown of data usage for September 25, 2017.

What we are doing is also called drilling down in the data. Often, the result of the previous query is displayed as a line chart, with time on the x axis and data used on the y axis. If we want to zoom in on a specific day from that line chart, the following query can be useful:

GET /bigginsight/_search?size=0
{
  "query": {
    "bool": {
      "must": [
        {"term": {"customer": "Linkedin"}},
        {"range": {"time": {"gte": 1506277800000}}}
      ]
    }
  },
  "aggs": {
    "counts_over_time": {
      "date_histogram": {
        "field": "time",
        "interval": "1h",
        "time_zone": "+05:30"
      },
      "aggs": {
        "hourly_usage": {
          "sum": { "field": "usage" }
        }
      }
    }
  }
}

The shortened response would look like the following:

{
  ...,
  "aggregations": {
    "counts_over_time": {
      "buckets": [
        {
          "key_as_string": "2017-09-25T00:00:00.000+05:30",
          "key": 1506277800000,
          "doc_count": 465,
          "hourly_usage": {
            "value": 1385524
          }
        },
        {
          "key_as_string": "2017-09-25T01:00:00.000+05:30",
          "key": 1506281400000,
          "doc_count": 478,
          "hourly_usage": {
            "value": 1432123
          }
        },
        ...
      ]
    }
  }
}

As you can see, we have buckets for one-hour intervals, with data for those hours aggregated within each bucket.
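The query above sets only a lower bound on time, so on an index that holds data after September 25 the histogram would keep producing buckets for later days. The following Python sketch is an added example, not code from the book: it derives the epoch-millisecond bounds of the local day, builds the same search body with an exclusive upper bound (an assumption added here), and checks returned bucket keys against the window. The function names are hypothetical, and the third sample bucket is constructed.

```python
from datetime import datetime, timedelta, timezone

# The "+05:30" offset used as time_zone in the query on this page.
IST = timezone(timedelta(hours=5, minutes=30))
HOUR_MS = 3_600_000

def day_bounds_ms(year, month, day, tz=IST):
    """Return (start, end) of a local calendar day as epoch milliseconds; end is exclusive."""
    start = datetime(year, month, day, tzinfo=tz)
    end = start + timedelta(days=1)
    return int(start.timestamp()) * 1000, int(end.timestamp()) * 1000

def hourly_usage_query(customer, start_ms, end_ms, tz="+05:30"):
    """Search body from the page, plus an added 'lt' bound that closes the window."""
    return {
        "query": {"bool": {"must": [
            {"term": {"customer": customer}},
            {"range": {"time": {"gte": start_ms, "lt": end_ms}}},
        ]}},
        "aggs": {"counts_over_time": {
            "date_histogram": {"field": "time", "interval": "1h", "time_zone": tz},
            "aggs": {"hourly_usage": {"sum": {"field": "usage"}}},
        }},
    }

def stray_bucket_keys(buckets, start_ms, end_ms, step_ms=HOUR_MS):
    """Return bucket keys that fall outside [start, end) or off the hourly grid."""
    return [b["key"] for b in buckets
            if not (start_ms <= b["key"] < end_ms) or (b["key"] - start_ms) % step_ms]

# First two buckets are the ones shown in the shortened response above;
# the third is constructed to show what an unbounded range would let through.
SAMPLE_BUCKETS = [
    {"key": 1506277800000, "doc_count": 465, "hourly_usage": {"value": 1385524}},
    {"key": 1506281400000, "doc_count": 478, "hourly_usage": {"value": 1432123}},
    {"key": 1506364200000, "doc_count": 1, "hourly_usage": {"value": 1}},  # constructed
]

if __name__ == "__main__":
    start_ms, end_ms = day_bounds_ms(2017, 9, 25)
    print(hourly_usage_query("Linkedin", start_ms, end_ms)["query"])
    print("keys outside the day:", stray_bucket_keys(SAMPLE_BUCKETS, start_ms, end_ms))
```

On Elasticsearch 7.2 and later, the `interval` parameter of `date_histogram` is deprecated in favour of `calendar_interval` or `fixed_interval`.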

The Date Histogram aggregation allows you to do many powerful time series analyses. As you have seen in these examples, aggregating from a one-day interval to a one-hour interval is extremely easy. You can slice your data in the required interval on demand, without planning it in advance. You can do this with big data; there are hardly any other data stores that can provide this type of flexibility with big data.
