Querying downsampled data

To query a downsampled index, use the _query endpoint. The _search and _async_search endpoints are also supported but not optimized for time series processing.

You can use the ES|QL TS command to query time series data streams. The TS command is optimized for processing time series data efficiently and enables the use of time series aggregation functions with window support.

  • You can query multiple raw data and downsampled indices in a single request, and a single request can include downsampled indices with multiple downsampling intervals (for example, 15m, 1h, 1d).
  • When you run queries in Kibana and through Elastic solutions, a standard response is returned, with no indication that some of the queried indices are downsampled.
  • Date histogram aggregations support fixed intervals only (the fixed_interval parameter), not calendar-aware intervals.
  • Time-based histogram aggregations use a uniform bucket size, without regard to the downsampling time interval specified in the request.

Date histograms are based on UTC values. Some time zone situations require offsetting (shifting the time buckets) when downsampling:

  • For time zone +5:30 (India), offset by 30 minutes -- for example, 2020-01-01T10:30:00.000 instead of 2020-03-07T10:00:00.000. Or use a downsampling interval of 15 minutes instead of offsetting.
  • For intervals based on days rather than hours, adjust the buckets to the appropriate time zone -- for example, 2020-03-07T19:00:00.000 instead of 2020-03-07T00:00:00.000 for America/New_York.

When offsetting is applied, responses include the field downsampled_results_offset: true.

For more details, refer to Date histogram aggregation: Time zone.
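
The offsetting cases above can be worked through in code. This is an added example, not Elasticsearch code: the helper names are hypothetical, and the rule it applies (shift = the zone's UTC offset modulo the interval) is an assumption inferred from the India and America/New_York examples on this page. The fixed UTC offsets are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
EPOCH = datetime(1970, 1, 1, tzinfo=UTC)
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_interval(text):
    """Parse a fixed interval such as '15m', '1h' or '1d' into a timedelta."""
    value, unit = text[:-1], text[-1:]
    if unit not in _UNITS or not value.isdigit() or int(value) == 0:
        raise ValueError(f"not a fixed interval: {text!r}")
    return timedelta(seconds=int(value) * _UNITS[unit])


def bucket_offset(interval, tz, at):
    """Shift that lines UTC-based buckets up with `tz` at the aware instant `at`.

    Assumed rule: UTC offset modulo the interval. A zero result means the
    interval already divides the offset and no shifting is needed.
    """
    utc_offset = at.astimezone(tz).utcoffset()
    return utc_offset % parse_interval(interval)


def bucket_start(ts, interval, tz):
    """UTC start of the shifted bucket that contains the aware timestamp `ts`."""
    step = parse_interval(interval)
    shift = bucket_offset(interval, tz, ts)
    return EPOCH + ((ts - EPOCH - shift) // step) * step + shift


# Constructed fixed offsets: +5:30 (India) and -5:00 (New York on 2020-03-07).
IST = timezone(timedelta(hours=5, minutes=30))
NY_EST = timezone(timedelta(hours=-5))

if __name__ == "__main__":
    t1 = datetime(2020, 1, 1, 10, 45, tzinfo=UTC)
    t2 = datetime(2020, 3, 7, 20, 0, tzinfo=UTC)
    for label, ts, interval, tz in [
        ("India, 1h", t1, "1h", IST),
        ("India, 15m", t1, "15m", IST),
        ("New York, 1d", t2, "1d", NY_EST),
    ]:
        shift = bucket_offset(interval, tz, ts)
        print(f"{label}: shift={shift}, bucket={bucket_start(ts, interval, tz).isoformat()}")
```

A 15-minute interval divides the +5:30 offset evenly, which is why the page offers it as an alternative to offsetting.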