So I have the following query that gives me the count of successful and failed HTTP queries using aggregations.
{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "match_phrase": {
            "protocol": {
              "query": "http"
            }
          }
        },
        {
          "bool": {
            "should": [
              {
                "match_phrase": {
                  "destination": {
                    "query": "75.124.145.217"
                  }
                }
              },
              {
                "match_phrase": {
                  "destination.domain": {
                    "query": "75.124.145.218"
                  }
                }
              }
            ]
          }
        },
        {
          "range": {
            "@timestamp": {
              "from": "now-1d"
            }
          }
        }
      ]
    }
  },
  "aggregations": {
    "tot_success": {
      "filter": {
        "term": {
          "http.response.status_code": {
            "value": "200"
          }
        }
      }
    },
    "tot_error": {
      "filter": {
        "bool": {
          "must_not": [
            {
              "term": {
                "http.response.status_code": {
                  "value": "200"
                }
              }
            }
          ]
        }
      }
    }
  }
}
The result is like the following:
{
  "_shards": {
    "total": 320,
    "failed": 0,
    "successful": 320,
    "skipped": 315
  },
  "hits": {
    "hits": [],
    "total": {
      "value": 821,
      "relation": "eq"
    },
    "max_score": null
  },
  "took": 815,
  "timed_out": false,
  "aggregations": {
    "tot_success": {
      "doc_count": 809
    },
    "tot_error": {
      "doc_count": 12
    }
  }
}
I was wondering if there is any way I can make mathematical calculations with the aggregation results and get a result within the same query.
For example, calculating the ratio of tot_error/tot_success.
I looked around and found that bucket script might be the solution to my problem, but to be honest I couldn't manage to implement it in my previous query.
Can someone help me achieve this?
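
One way to get the ratio in the same request, shown as an added example that is not part of the original post: bucket_script is a parent pipeline aggregation, so the two filter aggregations are moved under a single-bucket filters aggregation and referenced through buckets_path. The names all_http, all and error_ratio are made up for this example, and returning 0.0 when there are no successes is a choice made here to avoid dividing by zero.

```json
{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        { "match_phrase": { "protocol": { "query": "http" } } },
        { "bool": { "should": [
          { "match_phrase": { "destination": { "query": "75.124.145.217" } } },
          { "match_phrase": { "destination.domain": { "query": "75.124.145.218" } } }
        ] } },
        { "range": { "@timestamp": { "from": "now-1d" } } }
      ]
    }
  },
  "aggregations": {
    "all_http": {
      "filters": { "filters": { "all": { "match_all": {} } } },
      "aggregations": {
        "tot_success": {
          "filter": { "term": { "http.response.status_code": { "value": "200" } } }
        },
        "tot_error": {
          "filter": { "bool": { "must_not": [
            { "term": { "http.response.status_code": { "value": "200" } } }
          ] } }
        },
        "error_ratio": {
          "bucket_script": {
            "buckets_path": {
              "errors": "tot_error>_count",
              "successes": "tot_success>_count"
            },
            "script": "params.successes == 0 ? 0.0 : params.errors / params.successes"
          }
        }
      }
    }
  }
}
```

The ratio is returned at aggregations.all_http.buckets.all.error_ratio.value, next to the two doc_count values. A window with errors but no successes also reports 0.0 because of the guard, so read tot_error alongside the ratio.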