Elasticsearch Aggregations Pagination

Dear Elasticsearch Team,

I hope this message finds you well. I am currently working with an alert index in Elasticsearch, which contains information such as "device-ref" and "alert type." My goal is to retrieve the latest alert for each "device-ref" based on the specific alert type.

To provide a clearer example, let's say a "device-ref" has four types of alert types, and each alert type has multiple alerts. I am interested in obtaining the most recent alert for each unique combination of "device-ref" and alert type. In other words, if a "device-ref" has four alert types, I want to retrieve only the latest alert for each of those alert types.

Following this, I intend to filter the results to extract only the alerts with an "active" status for use in an Angular table. Additionally, I am implementing pagination for the table, but I am encountering challenges with the paginator not functioning as expected.

I would greatly appreciate your guidance in refining my Elasticsearch query to achieve the desired results, especially regarding the correct implementation of pagination and the subsequent filter for the Angular table.

Thank you for your time and assistance.

POST alerts/_search
{
  "size": 0,
  "aggs": {
    "device_ref_alert_type": {
      "composite": {
        "size": 10,
        "sources": [
          {
            "device_ref": {
              "terms": {
                "field": "entity_device.device_ref.keyword"
              }
            }
          },
          {
            "alert_type": {
              "terms": {
                "field": "alert_type.keyword"
              }
            }
          }
        ]
      },
      "aggs": {
        "latest_alert": {
          "top_hits": {
            "size": 1,
            "sort": [
              {
                "timestamp": {
                  "order": "desc"
                }
              }
            ]
          }
        },
        "alert_count": {
          "sum": {
            "field": "doc_count"
          }
        },
        "sales_bucket_sort": {
          "bucket_sort": {
            "from": 0,
            "size": 10
          }
        }
      }
    }
  }
}
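As an added example that is not part of the original post: composite aggregations are paged with the `after` cursor taken from the previous response's `after_key`, and the "active" filter can be applied to the latest alert of each bucket once the page is read. The `status` field name, its `"active"` value, the helper names and the sample response are assumptions constructed for illustration.

```javascript
// Added example. "status"/"active" and the sample data are assumptions, not from the post.
const AGG = "device_ref_alert_type";

// Build one request. Composite aggregations page with "after", not from/size.
function buildRequest(afterKey, pageSize = 10) {
  const composite = {
    size: pageSize,
    sources: [
      { device_ref: { terms: { field: "entity_device.device_ref.keyword" } } },
      { alert_type: { terms: { field: "alert_type.keyword" } } },
    ],
  };
  if (afterKey) composite.after = afterKey; // cursor returned by the previous page
  const latest_alert = { top_hits: { size: 1, sort: [{ timestamp: { order: "desc" } }] } };
  return { size: 0, aggs: { [AGG]: { composite, aggs: { latest_alert } } } };
}

// Flatten one response: newest alert per (device_ref, alert_type), then keep
// only the active ones. The count comes from the bucket's own doc_count.
function readPage(response) {
  const agg = response.aggregations[AGG];
  const rows = agg.buckets
    .map((b) => ({ ...b.latest_alert.hits.hits[0]._source, ...b.key, count: b.doc_count }))
    .filter((row) => row.status === "active");
  // after_key is absent once no buckets remain, which ends the paging loop.
  return { rows, afterKey: agg.after_key || null };
}

// Constructed sample response (shape of a composite + top_hits result).
const hit = (timestamp, status) => ({ hits: { hits: [{ _source: { timestamp, status } }] } });
const sampleResponse = { aggregations: { [AGG]: {
  after_key: { device_ref: "dev-2", alert_type: "battery" },
  buckets: [
    { key: { device_ref: "dev-1", alert_type: "battery" }, doc_count: 3,
      latest_alert: hit("2024-01-03T10:00:00Z", "active") },
    { key: { device_ref: "dev-1", alert_type: "tamper" }, doc_count: 2,
      latest_alert: hit("2024-01-02T08:30:00Z", "resolved") },
    { key: { device_ref: "dev-2", alert_type: "battery" }, doc_count: 1,
      latest_alert: hit("2024-01-01T12:00:00Z", "active") },
  ],
} } };

const page = readPage(sampleResponse);
console.log(page.rows, buildRequest(page.afterKey).aggs[AGG].composite.after);
```

Because the status filter runs after the latest alert per bucket is chosen, a page can hold fewer rows than `pageSize`, so the table's paginator should request the next page with `afterKey` rather than a numeric offset.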
