Hi Zachary Tong,
Thanks for checking on this .
I have tried your suggestion .
{
"query" : {
"bool" : {
"must" : {
"range" : {
"exportTimeStamp" : {
"from" : 1524359580418,
"to" : 1524467580418,
"include_lower" : true,
"include_upper" : true
}
}
}
}
},
"aggregations" : {
"applicationName" : {
"terms" : {
"field" : "portName",
"size" : 0
},
"aggregations" : {
"dataPoints" : {
"date_histogram" : {
"field" : "exportTimeStamp",
"interval" : "5m",
"min_doc_count" : 0
},
"aggregations" : {
"Max" : {
"max" : {
"field" : "ingressPackets",
"missing" : 0
}
},
"Der" : {
"derivative" : {
"buckets_path" : [ "Max" ],
"gap_policy" : "skip"
}
},
"cusum_script": {
"bucket_script": {
"buckets_path": {
"deriv": "Der"
},
"script": "if (params.deriv != null) {params.accumulator.value += 1;} return params.accumulator.value;",
"params": {
"accumulator": {
"value": 0
}
}
}
}
}
}
}
}
}
}
I am getting following error .
{
"error": {
"root_cause": [
{
"type": "search_parse_exception",
"reason": "Unknown key for a START_OBJECT in [cusum_script]: [params].",
"line": 47,
"col": 121
}
],
"type": "search_phase_execution_exception",
Please suggest.