Field comparison in a bucketed query

Hi team, we have a use case and we are working to build a bucketed query to get the result.

We are generating data from different applications to an index, and we used Logstash to add a field name to generate that application name along with the application job details.

e.g. application_name: application1

Now topbeat on servers running multiple applications generates a field in the topbeat index

e.g. application_name: application1,application2,application3

The requirement now is to build a bucketed aggregation spanning both indices (we thought of using an alias for it) of topbeat metrics to generate the average of CPU utilization, Memory and Disk utilization for each of these applications.

The challenge is while grouping by field name: since the topbeat record has all the applications, records couldn't go to the buckets specific to an application.

Final expected bucketing order

Application1 beat.hostname Topbeat records - System metric (like CPU, ...)
Application2 beat.hostname Topbeat records - System metric (like CPU, ...)

Any help on how to achieve this?
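
The bucketing problem described in the post, as an added example that is not part of the original post: grouping on the comma-joined `application_name` string yields one bucket per distinct string, while splitting it into individual names first yields the application > `beat.hostname` > average layout the post asks for. The sample records and the metric field name `cpu_pct` are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample topbeat records. "cpu_pct" is a hypothetical metric
# field used for illustration; it is not a field named in the post.
RECORDS = [
    {"beat.hostname": "host-a", "application_name": "application1,application2", "cpu_pct": 40.0},
    {"beat.hostname": "host-a", "application_name": "application1,application2", "cpu_pct": 60.0},
    {"beat.hostname": "host-b", "application_name": "application2,application3", "cpu_pct": 20.0},
]


def bucket_raw(records):
    """Group on the field as stored: the whole comma-joined string is one key,
    so no record lands in a bucket for a single application."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[rec["application_name"]].append(rec["cpu_pct"])
    return {key: mean(values) for key, values in buckets.items()}


def bucket_split(records):
    """Split the field into individual names first, so one record is counted
    in every application's bucket, then sub-bucket by beat.hostname."""
    buckets = defaultdict(lambda: defaultdict(list))
    for rec in records:
        for app in (name.strip() for name in rec["application_name"].split(",")):
            if app:  # skip empty entries from stray commas
                buckets[app][rec["beat.hostname"]].append(rec["cpu_pct"])
    return {
        app: {host: mean(values) for host, values in hosts.items()}
        for app, hosts in buckets.items()
    }


if __name__ == "__main__":
    print("raw:  ", bucket_raw(RECORDS))
    print("split:", bucket_split(RECORDS))
```

The split form mirrors what a terms aggregation returns when the field is indexed as an array of names rather than one joined string, since each array element gets its own bucket.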