Hello,
I have several messages that are ingested together and have same "batchId" field. I need to check a condition (simple calculation), based on two fields from messages that have the same "batchId" (and couple of more fields).
How do I create such alert? Experimented with aggregations and buckets, but can't nail it.
Thank you in advance!
May be try filtering your messages first based on batchId and other fields to have only required documents in context. You can then apply any aggregation or calculation on top of that result set.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.