I am using a multiple-filter (`filters`) aggregation and then `buckets_path` in a `bucket_selector` to compare the metrics in its buckets, but it is not working. Here is the request I wrote:
GET /test/_search?pretty
{
"query": {
"bool": {
"filter": {
"range": {
"last_check": {
"from": "now-300d",
"to": "now"
}
}
}
}
},
"aggs": {
"group_by_server": {
"terms": {
"field": "sc_name",
"size": 10000
},
"aggs": {
"time_range": {
"filters": {
"filters": {
"last_15_min": {
"range": {
"last_check": {
"from": "now-15m",
"to": "now"
}
}
},
"last_2_months": {
"range": {
"last_check": {
"from": "now-300d",
"to": "now"
}
}
}
}
},
"aggs": {
"avg_memory": {
"avg": {
"field": "memory"
}
}
}
},
"should_we_consider": {
"bucket_selector": {
"buckets_path": {
"last_15_min": "time_range>last_15_min>avg_memory",
"last_2mon": "time_range>last_2_months>avg_memory"
},
"script": "params.last_15_min > 0"
}
}
}
}
}
}
The output I get is:
{
"error": {
"root_cause": [
{
"type": "illegal_argument_exception",
"reason": "No aggregation [last_15_min] found for path [time_range>last_15_min>avg_memory]"
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "imi2",
"node": "KQZiCLqSR0CmHHYZkxNHMg",
"reason": {
"type": "illegal_argument_exception",
"reason": "No aggregation [last_15_min] found for path [time_range>last_15_min>avg_memory]"
}
}
],
"caused_by": {
"type": "illegal_argument_exception",
"reason": "No aggregation [last_15_min] found for path [time_range>last_15_min>avg_memory]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "No aggregation [last_15_min] found for path [time_range>last_15_min>avg_memory]"
}
}
},
"status": 400
}