Elasticsearch Date Histogram Aggregation - Syntax, Example, and Tips

The Date Histogram Aggregation is a multi-bucket aggregation that groups documents based on a date or timestamp field into buckets representing specific time intervals. It's particularly useful for time-based analysis and visualizations.

Syntax

"<aggregation_name>": {
  "date_histogram": {
    "field": "<date_field>",
    "calendar_interval": "<interval>",
    "format": "<date_format>",
    "time_zone": "<time_zone>"
  }
}

For detailed options and parameters, refer to the official Elasticsearch documentation.

Example Usage

GET /my-index/_search
{
  "size": 0,
  "aggs": {
    "sales_over_time": {
      "date_histogram": {
        "field": "date",
        "calendar_interval": "month",
        "format": "yyyy-MM-dd",
        "time_zone": "UTC"
      }
    }
  }
}

This example groups documents by month based on the "date" field, formatting the results in "yyyy-MM-dd" format and using UTC time zone.

Common Issues

  1. Incorrect field type: Ensure the specified field is of a date type.
  2. Invalid interval: Use appropriate interval values (e.g., "year", "quarter", "month", "week", "day", "hour", "minute", "second").
  3. Time zone discrepancies: Be aware of time zone settings to avoid unexpected results.
  4. Performance with large datasets: Consider using appropriate date ranges and intervals to manage performance.

Best Practices

  1. Use calendar_interval for calendar-aware intervals and fixed_interval for exact time durations.
  2. Combine with other aggregations (e.g., sum, avg) for more insightful time-based analytics.
  3. Utilize the extended_bounds parameter to include empty buckets for continuous date ranges.
  4. Consider using min_doc_count to filter out buckets with insufficient data.

Frequently Asked Questions

Q: How does the Date Histogram Aggregation handle daylight saving time (DST)?
A: The Date Histogram Aggregation respects DST changes when using calendar_interval. For consistent bucket sizes regardless of DST, use fixed_interval.

Q: Can I use Date Histogram Aggregation with nested fields?
A: Yes, you can use it with nested fields by wrapping the Date Histogram Aggregation inside a Nested Aggregation.

Q: How can I get the count of documents for each bucket in the Date Histogram?
A: The count is automatically included for each bucket. You don't need to specify an additional sub-aggregation for this.

Q: Is it possible to have custom date formats in the results?
A: Yes, you can specify custom date formats using the format parameter in the aggregation definition.

Q: How does Date Histogram Aggregation handle documents with missing date fields?
A: By default, documents with missing date fields are excluded. You can use the missing parameter to specify a default value for such documents.

Pulse - Elasticsearch Operations Done Right

All the Elasticsearch support you'll ever need

Free Trial

Subscribe to the Pulse Newsletter

Get early access to new Pulse features, insightful blogs & exclusive events , webinars, and workshops.