Hi all,
I have a serial difference (`serial_diff`) metric aggregation and need to filter for those documents whose delta or value is greater than zero. The condition needs to loop through all the aggregations and check for value > 0 (where Value is the serial difference).
{
"trigger": {
"schedule": {
"hourly": {
"minute": [
8,
23,
38,
53
]
}
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"...."
],
"rest_total_hits_as_int": true,
"aggs": {
"3": {
`"terms": {`
`"field": "host",`
`},`
`"aggs": {`
`"4": {`
`"terms": {`
`"field": "Error",`
`"aggs": {`
`"2": {`
`"date_histogram": {
"field": "@timestamp",
"fixed_interval": "5m",
},
"aggs": {
"1": {
"serial_diff": {
"buckets_path": "1-metric"
}
},
"1-metric": {
"sum": {
"field": "Value"
}
}
}
}
}
}
}
}
},
"script_fields": {},
"docvalue_fields": [
{
"field": "@timestamp",
"format": "date_time"
}
],
"_source": {
"excludes": []
},
"condition": {
"script": {
"lang": "painless",
"source": "return ctx.payload.aggregations.3.buckets.stream().anyMatch(cluster -> cluster.4.buckets.stream().anyMatch(xx -> xx.2.buckets.stream().anyMatch(node -> node.1.value > 0)));"
}
}`