Query returns result with small size that is not my intention in elasticsearch

Time:01-31

I am using the REST API to query results from Elasticsearch.

Below is the API query string.

GET /..../_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "time_zone": "+09:00",
              "gte": "2023-01-24T00:00:00.000Z",
              "lt": "2023-01-24T03:03:00.000Z"
            }
          }
        },
        {
          "term": {
            "serviceid.keyword": {
              "value": "430011397"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "by_day": {
      "auto_date_histogram": {
        "field": "@timestamp",
        "minimum_interval": "minute"
      },
      "aggs": {
        "agg-type": {
          "terms": {
            "field": "nxlogtype.keyword",
            "size": 100000
          },
          "aggs": {
            "my-sub-agg-name": {
              "avg": {
                "field": "size"
              }
            }
          }
        }
      }
    }
  }
}

As you can see, I specified a time range of about three hours in the gte and lt fields. However, the result returns only 6 buckets with 30-minute intervals. I expected many buckets to be returned at one-minute intervals across the time range I specified, but the result is always the same even when I change the time range to a longer one.

Since I am quite new to Elasticsearch, I am not familiar with query usage. How can I resolve my issue?

CodePudding user response:

You can use the date histogram aggregation rather than auto_date_histogram to specify a strict range.

Here is an example:

"aggs": {
  "by_day": {
    "date_histogram": {
      "field": "@timestamp",
      "calendar_interval":"minute"
    },
    ...
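As an added illustration (not part of the answer above or of Elasticsearch itself), the Python below models why the original query came back with 30-minute buckets and rebuilds the query on date_histogram with a fixed one-minute calendar_interval. The ladder of candidate intervals and the default target of 10 buckets come from the auto_date_histogram documentation; the bucket-count model is an approximation that assumes documents cover the whole range, and by_minute is an aggregation name chosen here.

```python
import math
from datetime import datetime

# Rounding ladder auto_date_histogram selects from (seconds, minutes, hours,
# days, per the Elasticsearch docs), expressed in seconds.
AUTO_LADDER = [("1s", 1), ("5s", 5), ("10s", 10), ("30s", 30),
               ("1m", 60), ("5m", 300), ("10m", 600), ("30m", 1800),
               ("1h", 3600), ("3h", 10800), ("12h", 43200), ("1d", 86400)]
MINIMUM_INTERVAL = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}

def span_seconds(gte, lt):
    """Length of a [gte, lt) range given as ISO-8601 strings with a Z suffix."""
    parse = lambda s: datetime.fromisoformat(s.replace("Z", "+00:00"))
    return (parse(lt) - parse(gte)).total_seconds()

def expected_bucket_count(gte, lt, interval_seconds):
    """Buckets a fixed-interval date_histogram yields over the range."""
    return math.ceil(span_seconds(gte, lt) / interval_seconds)

def auto_interval(gte, lt, buckets=10, minimum_interval="minute"):
    """Approximate the interval auto_date_histogram settles on: the smallest
    ladder step at or above minimum_interval that needs at most `buckets`
    buckets (target defaults to 10). minimum_interval is only a floor."""
    floor = MINIMUM_INTERVAL[minimum_interval]
    for name, secs in AUTO_LADDER:
        if secs >= floor and expected_bucket_count(gte, lt, secs) <= buckets:
            return name
    return AUTO_LADDER[-1][0]

def fixed_query(gte, lt, service_id, tz="+09:00"):
    """The question's query rebuilt on date_histogram with a one-minute
    calendar_interval. extended_bounds plus min_doc_count 0 make every
    minute in the range appear even when no document falls into it."""
    return {
        "size": 0,
        "query": {"bool": {"must": [
            {"range": {"@timestamp": {"time_zone": tz, "gte": gte, "lt": lt}}},
            {"term": {"serviceid.keyword": {"value": service_id}}}]}},
        "aggs": {"by_minute": {
            "date_histogram": {"field": "@timestamp", "calendar_interval": "minute",
                               "min_doc_count": 0,
                               "extended_bounds": {"min": gte, "max": lt}},
            "aggs": {"agg-type": {
                "terms": {"field": "nxlogtype.keyword", "size": 100000},
                "aggs": {"my-sub-agg-name": {"avg": {"field": "size"}}}}}}}}

if __name__ == "__main__":
    gte, lt = "2023-01-24T00:00:00.000Z", "2023-01-24T03:03:00.000Z"
    print("auto_date_histogram would pick:", auto_interval(gte, lt))         # 30m
    print("date_histogram at 1m yields:", expected_bucket_count(gte, lt, 60))  # 183
```

For the 3h03m range in the question, 1m, 5m and 10m all exceed the default target of 10 buckets, so auto_date_histogram climbs to 30m; the rebuilt query pins the interval instead.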