Hi Team,
I have a search query which is extracting the data from the metricbeat index, and the output shows me the same hits as the size mentioned in the query. However, if I apply a Painless script to transform the data, it is only returning 10 hits. How can I get more hits?
My query is as follows:
> {
>   "size": 0,
>   "query": {
>     "bool": {
>       "must": [
>         {
>           "range": {
>             "@timestamp": {
>               "gte": "now-3m",
>               "lte": "now"
>             }
>           }
>         }
>       ]
>     }
>   },
>   "aggregations": {
>     "bucketAgg": {
>       "terms": {
>         "field": "agent.hostname.keyword",
>         "size": 500,
>         "order": {
>           "metricAgg": "desc"
>         }
>       },
>       "aggregations": {
>         "metricAgg": {
>           "avg": {
>             "field": "system.load.1"
>           }
>         },
>         "Account": {
>           "terms": {
>             "field": "cloud.account.id.keyword",
>             "size": 500
>           }
>         },
>         "ID": {
>           "terms": {
>             "field": "cloud.instance.id.keyword",
>             "size": 500
>           }
>         },
>         "Region": {
>           "terms": {
>             "field": "cloud.region.keyword",
>             "size": 500
>           }
>         },
>         "Time": {
>           "terms": {
>             "field": "@timestamp",
>             "size": 500
>           }
>         }
>       }
>     }
>   }
> }
And the transform is:
> def hosts = data.mysearch.aggregations.bucketAgg.buckets;
> return hosts.stream()
>   .filter(h -> {
>     def cpu_usage = h.metricAgg.value;
>     return cpu_usage > 0;
>   })
>   .map(h -> {
>     def cpu_usage = h.metricAgg.value;
>     def cpu_usage_round = BigDecimal.valueOf(cpu_usage*1).setScale(2, RoundingMode.HALF_EVEN);
>     def acc = h.Account.buckets[0].key;
>     def reg = h.Region.buckets[0].key;
>     def id = h.ID.buckets[0].key;
>     def date = h.Time.buckets[0].key_as_string;
>     return ['host': h.key, 'cpu_usage': cpu_usage*1, 'cpu_usage_round': cpu_usage_round, 'acc': acc, 'reg': reg, 'date': date, 'id': id];
>   })
>   .collect(Collectors.toList());
Can you please suggest how I can get more than 10 records after applying the transform?
//Ankita