I have an index that contains multiple "duration" documents for lots of different events that can occur on a particular resource, identified with an "id". This id is not unique in the index since multiple event durations are logged for that particular id like this:
{ "id": 1, "event": "FOO", "duration": 2.9},
{ "id": 1, "event": "BAR", "duration": 1.4},
{ "id": 1, "event": "BAZ", "duration": 5.0},
{ "id": 2, "event": "FOO", "duration": 2.4},
{ "id": 2, "event": "BAR", "duration": 3.7},
{ "id": 2, "event": "BAZ", "duration": 4.0},
{ "id": 3, "event": "FOO", "duration": 2.3},
{ "id": 3, "event": "BAR", "duration": 3.5},
{ "id": 3, "event": "BAZ", "duration": 5.6},
...
I would like to average the various event durations aggregated by event, which I can do. However, I'd also like to be able to set a threshold limit on an event set if the "duration" for "FOO" events is less than some threshold value X. And then I want to include only the associated documents (by id) for which the "FOO" event's duration is < X.
An example:
With the above documents, I would like to average the various durations only on event sets when the FOO event's duration < 2.5. In this example, that should result in only duration averages for documents with id 2 and 3 since their FOO event duration is less than 2.5. All documents for id 1 should be filtered out of the aggregations.
Any idea how I can set a range on FOO and include only the related documents for that id for which FOO meets the range criteria?
Thank you!