Not sure if I got the title right, but this is what I want to do. E.g., let's say I am collecting disk usage metrics. Documents in Elasticsearch have fields [ @timestamp, cluster, disk, host, value ]. Value is the number of bytes used on a disk at a given timestamp.
Now, a host has multiple disks and I am interested in total disk usage per host. The disk usage value is a gauge. Therefore I need to do a MAX agg over a date histogram and then SUM all disks for each cluster+host term bucket.
I am failing to figure out an aggregation for this. How can this be done with Elasticsearch?
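One way to express the aggregation asked about above, as an added example that is not part of the original post: nested `terms` and `date_histogram` buckets, a `max` per disk, and a `sum_bucket` sibling pipeline that adds the per-disk maxima. It assumes `cluster`, `host` and `disk` are keyword fields and that `fixed_interval` is available (Elasticsearch 7.2+); the function and aggregation names are hypothetical, and `host_totals` is a plain-Python reference of the same computation for checking results.

```python
from collections import defaultdict

def build_query(interval="5m", size=1000):
    """Search body: max per disk per time bucket, then the sum of those maxima."""
    per_disk = {"terms": {"field": "disk", "size": size},
                "aggs": {"max_used": {"max": {"field": "value"}}}}
    over_time = {
        "date_histogram": {"field": "@timestamp", "fixed_interval": interval},
        "aggs": {
            "per_disk": per_disk,
            # Sibling pipeline: adds up max_used across the per_disk buckets.
            "host_total": {"sum_bucket": {"buckets_path": "per_disk>max_used"}},
        },
    }
    per_host = {"terms": {"field": "host", "size": size},
                "aggs": {"over_time": over_time}}
    per_cluster = {"terms": {"field": "cluster", "size": size},
                   "aggs": {"per_host": per_host}}
    return {"size": 0, "aggs": {"per_cluster": per_cluster}}

def host_totals(docs, interval_s=300):
    """Same computation in plain Python, for checking results on sample data."""
    peak = defaultdict(int)  # (cluster, host, bucket_start, disk) -> max bytes
    for d in docs:
        bucket = d["@timestamp"] - d["@timestamp"] % interval_s
        key = (d["cluster"], d["host"], bucket, d["disk"])
        peak[key] = max(peak[key], d["value"])
    totals = defaultdict(int)  # (cluster, host, bucket_start) -> summed bytes
    for (cluster, host, bucket, _disk), value in peak.items():
        totals[(cluster, host, bucket)] += value
    return dict(totals)

# Constructed sample documents; @timestamp is epoch seconds here for brevity.
FIELDS = ("@timestamp", "cluster", "host", "disk", "value")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    (0, "c1", "h1", "sda", 100), (60, "c1", "h1", "sda", 120),
    (0, "c1", "h1", "sdb", 50), (60, "c1", "h1", "sdb", 40),
    (300, "c1", "h1", "sda", 130), (300, "c1", "h1", "sdb", 60),
    (0, "c1", "h2", "sda", 10),
]]

if __name__ == "__main__":
    import json
    print(json.dumps(build_query(), indent=2))
    print(host_totals(SAMPLE))
```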