Hello @Badger, @magnusbaeck,
Please help with a Painless script for parsing the timestamp and comparing it with now-1h.
```
"aggs": {
  "by_index": {
    "terms": {
      "field": "_index"
    },
    "aggs": {
      "by_timestamp": {
        "max": {
          "field": "@timestamp"
        }
      }
    }
  }
}
```
I have the aggregated result as below:
```
"aggregations" : {
  "by_index" : {
    "doc_count_error_upper_bound" : 0,
    "sum_other_doc_count" : 607,
    "buckets" : [
      {
        "key" : "watcher-alert-index1-2023.08.08",
        "doc_count" : 832,
        "by_timestamp" : {
          "value" : 1.691515913592E12,
          "value_as_string" : "2023-08-08T17:31:53.592Z"
        }
      },
      {
        "key" : "watcher-alert-index1-2023.08.07",
        "doc_count" : 623,
        "by_timestamp" : {
          "value" : 1.691423470253E12,
          "value_as_string" : "2023-08-07T15:51:10.253Z"
        }
      }
    ]
  }
}
```
I want to parse the timestamp from the above result using a Painless script and compare it with now-1h in a watcher snippet.
I am new to Painless scripting.
Please help me with this and guide me.
Thanks in advance,
Pavani
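
One way to write the comparison asked about above, as an added example that is not part of the original post: the body of a watch `condition` script (its `script.source`) that reads the `by_index` / `by_timestamp` aggregation from the watch payload. It assumes that "compare with now-1h" means flagging indices whose newest `@timestamp` is older than one hour, and that `ctx.execution_time` is exposed as a date-time object, as in recent Watcher versions; the `stale` list name is illustrative.

```painless
// Added example: condition script for a watch whose search input
// runs the terms + max(@timestamp) aggregation shown in the post.

// "now" is the watch execution time in epoch milliseconds;
// subtracting one hour (3,600,000 ms) gives the now-1h cutoff.
long cutoff = ctx.execution_time.toInstant().toEpochMilli() - 3600000L;

// Collect every index whose newest document is older than the cutoff.
List stale = new ArrayList();
for (def bucket : ctx.payload.aggregations.by_index.buckets) {
  // The max aggregation already returns epoch milliseconds as a number
  // (e.g. 1.691515913592E12), so no date string parsing is needed.
  def newest = bucket.by_timestamp.value;

  // A null value means the bucket had no @timestamp at all; treat it as stale.
  if (newest == null || newest < cutoff) {
    stale.add(bucket.key);
  }
}

// The condition is met when at least one index has gone quiet for over an hour.
return stale.size() > 0;
```

Because the comparison uses `value` rather than `value_as_string`, it does not depend on the date format or time zone of the rendered string.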