There is derivative aggregation, but there is no function like that for documents.
Perhaps Logstash Aggregation Filter could make it feasible somehow.
Though I'm not sure @@map is also usable in recent Logstash, this may also help you.