Querying downsampled data
Stack Serverless
To query a downsampled index, use the _search and _async_search endpoints.
- You can query multiple raw data and downsampled indices in a single request, and a single request can include downsampled indices with multiple downsampling intervals (for example,
15m,1h,1d). - When you run queries in Kibana and through Elastic solutions, a standard response is returned, with no indication that some of the queried indices are downsampled.
- Date histogram aggregations support
fixed_intervalsonly (not calendar-aware intervals). - Time-based histogram aggregations use a uniform bucket size, without regard to the downsampling time interval specified in the request.
Date histograms are based on UTC values. Some time zone situations require offsetting (shifting the time buckets) when downsampling:
- For time zone
+5:30(India), offset by 30 minutes -- for example,2020-01-01T10:30:00.000instead of2020-03-07T10:00:00.000. Or use a downsampling interval of 15 minutes instead of offsetting. - For intervals based on days rather than hours, adjust the buckets to the appropriate time zone -- for example,
2020-03-07T19:00:00.000instead of2020-03-07T00:00:00.000forAmerica/New_York.
When offsetting is applied, responses include the field downsampled_results_offset: true.
For more details, refer to Date histogram aggregation: Time zone.