[Solved] What does the following Elasticsearch aggregation query return when run on APM transaction data?GET /apm-*/_search { "size": 0, "aggs": { "max_duration": { "max": { "field": "transaction.duration.... | Elasticsearch

Elasticsearch - ELK Stack Integration

What does the following Elasticsearch aggregation query return when run on APM transaction data?

GET /apm-*/_search
{
  "size": 0,
  "aggs": {
    "max_duration": {
      "max": { "field": "transaction.duration.us" }
    }
  }
}

AA list of all transaction durations sorted descending

BThe average transaction duration in milliseconds

CThe maximum transaction duration in microseconds across all documents

DThe total count of transactions in the index

Step-by-Step Solution

Solution:

Step 1: Analyze aggregation type
The query uses a 'max' aggregation on the field 'transaction.duration.us'.
Step 2: Understand field meaning
'transaction.duration.us' stores transaction durations in microseconds.
Step 3: Interpret output
The aggregation returns the maximum value of this field across all matching documents.
Final Answer:
The maximum transaction duration in microseconds across all documents -> Option C
Quick Check:
Max aggregation returns highest value [OK]

Quick Trick: Max agg returns highest field value [OK]

Common Mistakes:

MISTAKES

Master "ELK Stack Integration" in Elasticsearch

9 interactive learning modes - each teaches the same concept differently

More Elasticsearch Quizzes

What does the following Elasticsearch aggregation query return when run on APM transaction data?