Comparing query aggregation values

korsdecaying · April 13, 2017, 2:26pm

Is it possible using elasticsearch to compare the results in the columns of the aggregated query. That is, the aggregation values 5 and 6.
Using the alert compare condition.
Using the alert compare condition. If possible how to form a query !?

              "aggs": {
                "5": {
                  "sum": {
                    "field": "bytes_in"
                  }
                },
                "6": {
                  "sum": {
                    "field": "bytes_out"
                  }

}

At the moment I see solutions to this issue using the Java API, but for this I have to go through a cycle of all 6 aggregations in order to compile a table of dependencies of all 6 aggregators (like a kibana displays this in the table), is there a way to get values for 6 aggregators at once in the form Array of values.
For example how Terms works. getKeyAsString() ,getDocCount()
The first number receives the key. Its second meaning. And here the first number gets the key a of the values for it 5 in the form of aggregations on the first point

Only for 6 aggregations
How to most easily do this

thomasneirynck · April 13, 2017, 4:55pm

hi @korsdecaying,

what do you mean with compare? e.g. You want to substract these values to get the difference? If so, I think you'll have to do that on the application level.

Also, it seems like you may also want to move this question to the Elasticsearch forum, unless this is related to something Xpack specific.

korsdecaying · April 13, 2017, 9:01pm

Hi,
I need to compare the values of two columns, that is, compare them with each other, whether they are equal or not. And compare them with certain set values. I thought I'd use alerting for this, so I wrote this thread.

korsdecaying · April 13, 2017, 9:17pm

What do you understand by the level of applications !?Unload data for example using the Java API and analyze !?

thomasneirynck · April 18, 2017, 8:11pm

Hi @korsdecaying,

yes, with "application" I mean doing this in your client that is querying Elasticsearch. If this is a Java-program, you could indeed use the Java API.

system · May 16, 2017, 8:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.