Untitled

<?php

$client = ClientBuilder::create()->setHosts(['127.0.0.1'])->build();

$params = [
    'index' => 'metricbeat-*',
    'body' => [
        'query' => [
            'bool' => [
                'must' => [
                    [
                        'term' => [
                            'system.process.name' => 'explorer.exe'
                        ]
                    ],
                    /*[
                        'range' => [
                            '@timestamp' => [
                                'gte' => 'now-24h',
                                'lte' => 'now'
                            ]
                        ],
                    ]*/
                ],
            ]
        ],
        'aggs' => [
            'group_by_username' => [
                'terms' => [
                  'field' => 'system.process.username'
                ],
                'aggs' => [
                    'per_day' => [
                        'date_histogram' => [
                            'field' => '@timestamp',
                            'interval' => 'day',
                            //'time_zone' => '+02:00'
                        ],
                    ]
                ],
            ],
        ]
    ]
];

$response = $client->search($params);

foreach ($response['aggregations']['group_by_username']['buckets'] as $groupByUsername) {
    $username = $groupByUsername['key'];
    echo "<br>\n$username: <br>\n";
    foreach ($groupByUsername['per_day']['buckets'] as $groupByDay) {
        $date = $groupByDay['key_as_string'];
        // We multiply per 10 because I'm sending the processes every 10 seconds, change this according to your update interval
        $hours = $groupByDay['doc_count'] * 10 / 60 / 60;
        echo "$date: $hours<br>\n";
    }
}