Elasticsearch aggregation over timestamp


(Pavan Sudheendra) #1

I'm having the following document(s) in ElasticSearch:

"ipAddress": "192.168.10.12", "timestamp": "25 Oct 2015 20:00:00", "switchovers": 2

"ipAddress": "192.168.10.12", "timestamp": "26 Oct 2015 20:00:00", "switchovers": 1

How can I write an elasticsearch aggregation to find out switchovers[today] - switchovers[yesterday] grouped by IP address?

This is where I'm at:

{
  "size": 0,
  "query": {
    "match_all": {}
  },
  "aggs": {
    "switchover_count_over_time": {
      "terms": {
        "field": "ipAddress"
      }
    }
  }
}

Yet to figure out how to extract switchovers for each date (from October, for example) and compute the difference from the previous day's switchover value.

Any help?
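One way to get the day-over-day difference per IP, as an added example that is not part of the original post: nest a date_histogram under the terms bucket, sum the switchovers per day, and attach a derivative pipeline aggregation (available from Elasticsearch 2.0) to that sum. It assumes ipAddress is a not_analyzed/keyword field and timestamp is mapped as a date with the non-ISO format "dd MMM yyyy HH:mm:ss" declared in the mapping; the bucket names per_ip, per_day, switchovers_sum and switchovers_delta are chosen here.

```json
{
  "size": 0,
  "query": { "match_all": {} },
  "aggs": {
    "per_ip": {
      "terms": { "field": "ipAddress" },
      "aggs": {
        "per_day": {
          "date_histogram": {
            "field": "timestamp",
            "interval": "day"
          },
          "aggs": {
            "switchovers_sum": {
              "sum": { "field": "switchovers" }
            },
            "switchovers_delta": {
              "derivative": { "buckets_path": "switchovers_sum" }
            }
          }
        }
      }
    }
  }
}
```

For the two sample documents the 26 Oct bucket for 192.168.10.12 carries switchovers_delta = -1 (1 - 2); the first bucket of each IP has no derivative, and a day with no documents produces no bucket, so the delta is always relative to the previous day that has data.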
