Hi All,
I am trying to follow this blog post from elastic - https://www.elastic.co/blog/implementing-a-statistical-anomaly-detector-part-1.
In it, the author says that we will have to design a set of aggregations, which seems fine.
What i am getting stuck on is that at the end of the article, we have this giant aggregation, but I do not know where to "put it" so that it is accessible in the next step, where the results of that aggregation are plotted in timelion.
So it seems like I have to get this aggregation somewhere somehow.
My question is where should it go, and how do I put it there?