I 've a filter that contains data from two indices payment_transfer and payment_transfer_failure. I want to set an alert of the number of transfer_failure_count in a month/ number of transfers whiten the same month is above a threshold value.
So suppose we have the following data in a filter 'payment_tr*':
March 26th 2019, 01:06:10.841 code:R01 transfer_id:4,504 @timestamp:November 24th 2020, 02:06:30.616 created:March 26th 2019, 01:06:10.841 @version:1 id:316 _id:316 _type:doc _index:payment-transfer-failure _score:1.561
March 26th 2019, 01:06:46.904 code:R01 transfer_id:4,328 @timestamp:November 24th 2020, 02:06:30.616 created:March 26th 2019, 01:06:46.904 @version:1 id:327 _id:327 _type:doc _index:payment-transfer-failure _score:1.561March 26th 2019, 01:06:46.904 @timestamp:November 24th 2020, 02:06:30.616 created:March 26th 2019, 01:09:46.904 @version:1 _id:327 _type:doc _index:payment-transfer
I wanna a short way to get the count of payment-transfer-failure in a month divided by _index:payment-transfer of the same month so in that case 2/1 = 0.5 so that I can set a filter to notify me if the rate exceeded 0.75 for example.