Hello,
I am performing Elastic rollups on an index with the following streaming documents and fields. Rollup is on Field 1:
Field1 Field2
doc1 1200 a
doc2 1200 b
doc3 1200 c
doc4 1100 d
doc5 1100 e
doc6 1100 f
after rollup I get:
1200 3
1100 3
I am trying to figure out a best way to maintain a running count of all documents in a new field called 'Total', so my result should look something like:
Field1 count
1200 3
1100 3
'Total' 6
I know there are several possibilities to accomplish this, including using logstash, elasticsearch, kibana, but what would be the best simple approach?
Can I maintain a counter in logstash pipeline for streaming data that arrives a minute apart? any other ideas?
Thank you for any insights!