Home Explore Help
Register Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: f56a0f4b66
Branches Tags
elasticsearch
/
docs
/
reference
/
aggregations
/
pipeline
/
serial-diff-aggregation.asciidoc

serial-diff-aggregation.asciidoc 4.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. [[search-aggregations-pipeline-serialdiff-aggregation]]
    2. 

  2. === Serial differencing aggregation
    3. 

  3. ++++
    4. 

  4. <titleabbrev>Serial differencing</titleabbrev>
    5. 

  5. ++++
    6. 

  6. 

  7. Serial differencing is a technique where values in a time series are subtracted from itself at
    8. 

  8. different time lags or periods. For example, the datapoint f(x) = f(x~t~) - f(x~t-n~), where n is the period being used.
    9. 

  9. 

  10. A period of 1 is equivalent to a derivative with no time normalization: it is simply the change from one point to the
    11. 

  11. next. Single periods are useful for removing constant, linear trends.
    12. 

  12. 

  13. Single periods are also useful for transforming data into a stationary series. In this example, the Dow Jones is
    14. 

  14. plotted over ~250 days. The raw data is not stationary, which would make it difficult to use with some techniques.
    15. 

  15. 

  16. By calculating the first-difference, we de-trend the data (e.g. remove a constant, linear trend). We can see that the
    17. 

  17. data becomes a stationary series (e.g. the first difference is randomly distributed around zero, and doesn't seem to
    18. 

  18. exhibit any pattern/behavior). The transformation reveals that the dataset is following a random-walk; the value is the
    19. 

  19. previous value +/- a random amount. This insight allows selection of further tools for analysis.
    20. 

  20. 

  21. [[serialdiff_dow]]
    22. 

  22. .Dow Jones plotted and made stationary with first-differencing
    23. 

  23. image::images/pipeline_serialdiff/dow.png[]
    24. 

  24. 

  25. Larger periods can be used to remove seasonal / cyclic behavior. In this example, a population of lemmings was
    26. 

  26. synthetically generated with a sine wave + constant linear trend + random noise. The sine wave has a period of 30 days.
    27. 

  27. 

  28. The first-difference removes the constant trend, leaving just a sine wave. The 30th-difference is then applied to the
    29. 

  29. first-difference to remove the cyclic behavior, leaving a stationary series which is amenable to other analysis.
    30. 

  30. 

  31. [[serialdiff_lemmings]]
    32. 

  32. .Lemmings data plotted made stationary with 1st and 30th difference
    33. 

  33. image::images/pipeline_serialdiff/lemmings.png[]
    34. 

  34. 

  35. 

  36. 

  37. ==== Syntax
    38. 

  38. 

  39. A `serial_diff` aggregation looks like this in isolation:
    40. 

  40. 

  41. [source,js]
    42. 

  42. --------------------------------------------------
    43. 

  43. {
    44. 

  44.   "serial_diff": {
    45. 

  45.     "buckets_path": "the_sum",
    46. 

  46.     "lag": 7
    47. 

  47.   }
    48. 

  48. }
    49. 

  49. --------------------------------------------------
    50. 

  50. // NOTCONSOLE
    51. 

  51. 

  52. [[serial-diff-params]]
    53. 

  53. .`serial_diff` Parameters
    54. 

  54. [options="header"]
    55. 

  55. |===
    56. 

  56. |Parameter Name |Description |Required |Default Value
    57. 

  57. |`buckets_path` |Path to the metric of interest (see <<buckets-path-syntax, `buckets_path` Syntax>> for more details |Required |
    58. 

  58. |`lag` |The historical bucket to subtract from the current value. E.g. a lag of 7 will subtract the current value from
    59. 

  59.  the value 7 buckets ago. Must be a positive, non-zero integer |Optional |`1`
    60. 

  60. |`gap_policy` |Determines what should happen when a gap in the data is encountered. |Optional |`insert_zero`
    61. 

  61. |`format` |Format to apply to the output value of this aggregation |Optional | `null`
    62. 

  62. |===
    63. 

  63. 

  64. `serial_diff` aggregations must be embedded inside of a `histogram` or `date_histogram` aggregation:
    65. 

  65. 

  66. [source,console]
    67. 

  67. --------------------------------------------------
    68. 

  68. POST /_search
    69. 

  69. {
    70. 

  70.    "size": 0,
    71. 

  71.    "aggs": {
    72. 

  72.       "my_date_histo": {                  <1>
    73. 

  73.          "date_histogram": {
    74. 

  74.             "field": "timestamp",
    75. 

  75.             "calendar_interval": "day"
    76. 

  76.          },
    77. 

  77.          "aggs": {
    78. 

  78.             "the_sum": {
    79. 

  79.                "sum": {
    80. 

  80.                   "field": "lemmings"     <2>
    81. 

  81.                }
    82. 

  82.             },
    83. 

  83.             "thirtieth_difference": {
    84. 

  84.                "serial_diff": {                <3>
    85. 

  85.                   "buckets_path": "the_sum",
    86. 

  86.                   "lag" : 30
    87. 

  87.                }
    88. 

  88.             }
    89. 

  89.          }
    90. 

  90.       }
    91. 

  91.    }
    92. 

  92. }
    93. 

  93. --------------------------------------------------
    94. 

  94. 

  95. <1> A `date_histogram` named "my_date_histo" is constructed on the "timestamp" field, with one-day intervals
    96. 

  96. <2> A `sum` metric is used to calculate the sum of a field. This could be any metric (sum, min, max, etc)
    97. 

  97. <3> Finally, we specify a `serial_diff` aggregation which uses "the_sum" metric as its input.
    98. 

  98. 

  99. Serial differences are built by first specifying a `histogram` or `date_histogram` over a field. You can then optionally
    100. 

  100. add normal metrics, such as a `sum`, inside of that histogram. Finally, the `serial_diff` is embedded inside the histogram.
    101. 

  101. The `buckets_path` parameter is then used to "point" at one of the sibling metrics inside of the histogram (see
    102. 

  102. <<buckets-path-syntax>> for a description of the syntax for `buckets_path`.
    103.