Metricbeat system load query

Hi ,

I want to capture the doc carrying the system load details only. Could you please let me know what to add in the following query ?

GET metricbeat-2018.05.08/_search
{
"sort": [
{"@timestamp": {"order": "desc"}

}
],
"query": {
  "bool": {
    "must": [
      {
        "match_all": {}
        
      },
      {
        "range": { 
          "@timestamp": {
            "gt": "now-2m"
            
          }
          
        }
        
      }
      ]
    
  }

}
}

I want to capture only docs carrying the value of followings key:

doc['_source']['system']['load']['norm']['1']
doc['_source']['system']['load']['norm']['5']
doc['_source']['system']['load']['norm']['15']

Could you pls help me here ?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.