I am using Elasticsearch to store alerts from our alerting system for metrics. I have a requirement where I need to pull the count of alerts grouped by Gateway and Application.
I have been able to pull the count for Application using an agg, which gave me the following:
{
"key" : "App_num",
"doc_count" : 15135
},
How can I also make this Key take into consideration my Gateway that these Applications are related to so that it gives me a total count of each Application per Gateway? I am using the following to get the above:
curl -XPOST 'localhost:9200/_search?pretty' -H 'Content-Type: application/json' -d '
{
"aggs": {
"group_by_app": {
"terms": {
"field": "AppNum",
"size": 0
}
}
}
}'
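The usual way to get a count per Application per Gateway is to nest a second terms aggregation under a terms aggregation on the gateway field, so each gateway bucket carries its own application buckets. The following is an added example, not code from the original post: it builds that nested query body and flattens a response into (gateway, application, count) rows. The field name "Gateway" is an assumption (the post only names "AppNum"), and the response it parses is constructed by hand so it runs offline. It also sets an explicit bucket limit instead of `"size": 0`: on old Elasticsearch releases `"size": 0` on a terms aggregation meant "all buckets", but current releases reject it, and the returned `sum_other_doc_count` is what tells you whether buckets were cut off.

```python
"""Nested terms aggregation: Gateway -> AppNum, with result flattening.

Added example; the "Gateway" field name and the sample response are
assumptions/constructed data, not taken from the original post.
"""
import json


def build_query(gateway_field="Gateway", app_field="AppNum", max_buckets=1000):
    # Top-level "size": 0 only suppresses the hits list; the terms "size"
    # is an explicit bucket limit, since "size": 0 on a terms aggregation
    # (old shorthand for "all buckets") is rejected by newer Elasticsearch.
    return {
        "size": 0,
        "aggs": {
            "group_by_gateway": {
                "terms": {"field": gateway_field, "size": max_buckets},
                # Sub-aggregation: runs inside each gateway bucket.
                "aggs": {
                    "group_by_app": {
                        "terms": {"field": app_field, "size": max_buckets}
                    }
                },
            }
        },
    }


def flatten_counts(response):
    """Return [(gateway, app, doc_count), ...] from a nested-terms response."""
    rows = []
    for gw in response["aggregations"]["group_by_gateway"]["buckets"]:
        for app in gw["group_by_app"]["buckets"]:
            rows.append((gw["key"], app["key"], app["doc_count"]))
    return rows


def per_app_totals(rows):
    """Collapse the per-gateway rows back to a count per application."""
    totals = {}
    for _gateway, app, count in rows:
        totals[app] = totals.get(app, 0) + count
    return totals


def truncated_buckets(response):
    """Names of aggregations whose sum_other_doc_count > 0 (buckets dropped).

    A non-zero value means the terms "size" was too small and the counts
    you see do not cover every gateway/application.
    """
    hits = []
    gw_agg = response["aggregations"]["group_by_gateway"]
    if gw_agg.get("sum_other_doc_count", 0) > 0:
        hits.append("group_by_gateway")
    for gw in gw_agg["buckets"]:
        if gw["group_by_app"].get("sum_other_doc_count", 0) > 0:
            hits.append("group_by_app[%s]" % gw["key"])
    return hits


# Constructed sample response (not real data). The App_num counts across
# the two gateways add up to 15135, the single-level total from the post.
SAMPLE_RESPONSE = {
    "took": 3,
    "timed_out": False,
    "hits": {"total": 20000, "hits": []},
    "aggregations": {
        "group_by_gateway": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {
                    "key": "gw-east",
                    "doc_count": 12000,
                    "group_by_app": {
                        "doc_count_error_upper_bound": 0,
                        "sum_other_doc_count": 0,
                        "buckets": [
                            {"key": "App_num", "doc_count": 9000},
                            {"key": "App_other", "doc_count": 3000},
                        ],
                    },
                },
                {
                    "key": "gw-west",
                    "doc_count": 8000,
                    "group_by_app": {
                        "doc_count_error_upper_bound": 0,
                        "sum_other_doc_count": 0,
                        "buckets": [
                            {"key": "App_num", "doc_count": 6135},
                            {"key": "App_other", "doc_count": 1865},
                        ],
                    },
                },
            ],
        }
    },
}


if __name__ == "__main__":
    # The body you would pass to curl -d '...' against /_search.
    print(json.dumps(build_query(), indent=2))
    for gateway, app, count in flatten_counts(SAMPLE_RESPONSE):
        print(gateway, app, count)
    print("truncated:", truncated_buckets(SAMPLE_RESPONSE))
```

Running the script prints the query body to send with curl and the four (gateway, application, count) rows from the constructed response. If the fields are analyzed `string`/`text` fields, aggregate on the keyword form (for example `AppNum.keyword` on newer mappings) so each application name stays one bucket instead of being split into tokens.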