Hi,
I have been looking around for a couple weeks for this and I can't figure out how I might do it. I am using Elasticsearch as a TSDB. When I am using Kibana and I want to look at a bunch of data over a period of a day, for example, it seems like Elasticsearch is aggregating it on the fly starting from all the per-second logs. The preferred behavior would be to have some pre-computed hourly or ten-minute aggregations of a certain kind, for example, and have Elasticsearch be smart enough to use those precomputed aggregations when responding to queries for a field. I still want the high-resolution data available for when I want to zoom in on a shorter time period.
Clearly, I could do something like this manually where I periodically run aggregation queries for $FIELD and store the result in something like $FIELD_hourly or $FIELD_daily. Is there a way to do this that doesn't require me to have separately-named fields of varying resolutions? The issue is that I would need to have separate visualizations in Kibana that query the correct field name based on the time period the visualization is designed for.
Thank you!