Hi, I have a single index and I am interested in the value fields when the 'host' is either A or B. It's easy to search for host: A OR host: B to get the list of documents that I am interested in, but then I basically want to make a new dataset where each timestamp corresponds to the sum of the values host A and B at that time. However, the timestamps don't match exactly - they can be different by magnitude of ~1 sec or less. Essentially, it's a similar operation to what 'stacking' the plots would do (if you view the top stacked line as the sum). I cannot change the way they're stored in Elastic (i.e., summing prior to their ingestion).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.