How to diff two log-indices


(Valentin Pletzer) #1

Hi,

I have daily indices with log-data. What I would like to do, is to get an
terms aggregation but not a simple occurrence-count but to substract 1 for
day (index) one and to add 1 for day (index) two. So in the end I
theoretically get all the new terms and the ones with the biggest change. I
guess this could be done with a script, but I have no idea how.

Any ideas?

Regards,
Valentin

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/5b58198a-c08e-41be-9191-cfb97adbd4db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(system) #2