Calcul cumulative sum metric (such as elasticearch node stat query_total) difference between 2 timestamps.

search.json

{
	"source" : {
	"size": 0,
	"query": {
		"query_string": {
			"query": "@timestamp:[{{start_date}}:00+02:00 TO {{end_date}}:59+02:00] AND data.attributes.master:false"
		}
	},
	"aggs": {
		"nodes": {
			"terms": {
				"field": "meta.node.name"
			},
			"aggs": {
				"start": {
					"filter": {
						"range": {
							"@timestamp": {
								"gt": "{{start_date}}:00+02:00",
								"lt": "{{start_date}}:30+02:00"
							}
						}
					},
					"aggs": {
						"value": {
							"avg": {
								"field": "data.indices.search.query_total"
							}
						}
					}
				},
				"end": {
					"filter": {
						"range": {
							"@timestamp": {
								"gt": "{{end_date}}:00+02:00",
								"lt": "{{end_date}}:59+02:00"
							}
						}
					},
					"aggs": {
						"value": {
							"avg": {
								"field": "data.indices.search.query_total"
							}
						}
					}
				},
				"diff": {
					"bucket_script": {
						"buckets_path": {
							"end": "end>value",
							"start": "start>value"
						},
						"script": "params.end - params.start"
					}
				}
			}
		},
		"total" : {
			"sum_bucket" : {
				"buckets_path" : "nodes>diff"
			}
		}
	}
},
	"params" : {
		"start_date" : "2018-04-16T15:13",
		"end_date" : "2018-04-16T15:25"
	}
}