ES|QL COUNT_OVER_TIME function
- field: the metric field to calculate the value for
- window: the time window over which to compute the count over time
Calculates the count over time value of a field.
| field | window | result |
|---|---|---|
| aggregate_metric_double | time_duration | long |
| boolean | time_duration | long |
| cartesian_point | time_duration | long |
| cartesian_shape | time_duration | long |
| date | time_duration | long |
| date_nanos | time_duration | long |
| double | time_duration | long |
| geo_point | time_duration | long |
| geo_shape | time_duration | long |
| geohash | time_duration | long |
| geohex | time_duration | long |
| geotile | time_duration | long |
| integer | time_duration | long |
| ip | time_duration | long |
| keyword | time_duration | long |
| long | time_duration | long |
| text | time_duration | long |
| unsigned_long | time_duration | long |
| version | time_duration | long |
```esql
TS k8s
| STATS count=COUNT(COUNT_OVER_TIME(network.cost))
  BY cluster, time_bucket = BUCKET(@timestamp,1minute)
```
| count:long | cluster:keyword | time_bucket:datetime |
|---|---|---|
| 3 | staging | 2024-05-10T00:22:00.000Z |
| 3 | prod | 2024-05-10T00:20:00.000Z |
| 3 | prod | 2024-05-10T00:19:00.000Z |