Hi,
I'm new to Elastic Word.
I have to create a custom watcher that extracts -from an index - the Isin, Price and Currency fields of the last day (without aggregating them) and compares them with the average price of the last 30 days aggregated for Isin and Currency. If the price of the day (for the same pair isin-currency) is higher than the average, an email is sent. I'm having trouble writing the compare condition because I need to compare them with Price-Currency as the key. Is it possible ? Is there someone who can help me?
Below is the query :
{
"trigger": {
"schedule": {
"interval": "1d"
}
},
"input": {
"chain": {
"inputs": [
{
"first": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"<name_index>"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"range": {
"Date": {
"gte": "now-1d",
"lt": "now"
}
},
"fields": [
{
"field": "IsinCode"
},
{
"field": "Currency"
},
{
"field": "Price"
}
],
"sort": [
{
"_doc": {
"order": "asc"
}
}
]
}
}
}
}
}
},
{
"second": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"<name_index>"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"range": {
"Date": {
"gte": "now-30d",
"lt": "now"
}
}
},
"aggregations": {
"groupby": {
"composite": {
"size": 1000,
"sources": [
{
"a4ce41cf": {
"terms": {
"field": "IsinCode",
"missing_bucket": true,
"order": "asc"
}
}
},
{
"60bfb53a": {
"terms": {
"field": "Currency",
"missing_bucket": true,
"order": "asc"
}
}
}
]
},
"aggregations": {
"e2545051": {
"avg": {
"field": "Price"
}
}
}
}
}
}
}
}
}
}
]
}
},
"condition": {
"compare": {
?
}
},
"actions": {
"send_email": {
"email": {
"profile": "standard",
"from": "<Address>",
"to": [
"<Address>"
],
"subject": "Watcher Notification ",
"body": {
"text": "text "
}
}
}
}
}
Thanks,
Chiara