This repository has been archived by the owner on Aug 2, 2022. It is now read-only.
[BUG] Rollup aggregations are different between original index and generated index #457
Describe the bug
I have configured a rollup job with a timestamp interval by day and it is running without any problem, but I have tried to compare results between the normal index and the index generated by the rollup, and I can see that the results are different:
Query performed in original index
```
GET /security-auditlog-2021.07.27/_search
{
  "size": 0,
  "query": {
    "match_all": {}
  },
  "aggs": {
    "date": {
      "date_histogram": {
        "field": "@timestamp",
        "calendar_interval": "day",
        "time_zone": "UTC"
      }
    }
  }
}
```
Results:
```json
{
  "took" : 2,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1301,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "date" : {
      "buckets" : [
        {
          "key_as_string" : "2021-07-27T00:00:00.000Z",
          "key" : 1627344000000,
          "doc_count" : 1301
        }
      ]
    }
  }
}
```
When I run the same query in the new index
```
GET /audit-zip/_search
{
  "size": 0,
  "query": {
    "match_all": {}
  },
  "aggs": {
    "date": {
      "date_histogram": {
        "field": "@timestamp",
        "calendar_interval": "day",
        "time_zone": "UTC"
      }
    }
  }
}
```
Results:
```json
{
  "took" : 2,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "date" : {
      "buckets" : [
        {
          "key_as_string" : "2021-07-27T00:00:00.000Z",
          "key" : 1627344000000,
          "doc_count" : 1
        }
      ]
    }
  }
}
```
Additional context
Opendistro version : 1.13.2
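
A check for the discrepancy reported above, as an added example that is not part of the original issue or the project's code: it matches the `date_histogram` buckets of the two responses by key and lists every bucket whose `doc_count` differs or is missing on one side. The function names are assumptions, and the sample responses are trimmed from the two result bodies in the report.

```python
import json

def bucket_counts(response, agg_name):
    """Map bucket key (epoch millis) to doc_count for one date_histogram."""
    buckets = response["aggregations"][agg_name]["buckets"]
    return {b["key"]: b["doc_count"] for b in buckets}

def compare_histograms(source_resp, rollup_resp, agg_name="date"):
    """List (key, source_count, rollup_count) for every bucket that differs.

    A bucket present on only one side is reported with None for the other.
    """
    src = bucket_counts(source_resp, agg_name)
    rol = bucket_counts(rollup_resp, agg_name)
    return [(key, src.get(key), rol.get(key))
            for key in sorted(src.keys() | rol.keys())
            if src.get(key) != rol.get(key)]

# Trimmed from the two result bodies in the report (aggregations only).
SOURCE_RESPONSE = json.loads("""
{"aggregations": {"date": {"buckets": [
  {"key_as_string": "2021-07-27T00:00:00.000Z", "key": 1627344000000, "doc_count": 1301}
]}}}
""")
ROLLUP_RESPONSE = json.loads("""
{"aggregations": {"date": {"buckets": [
  {"key_as_string": "2021-07-27T00:00:00.000Z", "key": 1627344000000, "doc_count": 1}
]}}}
""")

if __name__ == "__main__":
    for key, s, r in compare_histograms(SOURCE_RESPONSE, ROLLUP_RESPONSE):
        print(f"bucket {key}: source doc_count={s}, rollup doc_count={r}")
```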