I need to perform this, how is it possible?
I have index1 - with cpu, mem, hostname details.
index-2 with location details.
Now I need to fetch cpu, mem information of hostnames starting with host* and location is bgl. How can this be done?
I tried as below but it didn't work.
{
  "size": 10000,
  "_source": ["@timestamp", "beat.name", "system.memory.used.pct", "system.cpu.total.norm.pct"],
  "aggs": {
    "4": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "1h",
        "time_zone": "US/Eastern",
        "min_doc_count": 1
      },
      "aggs": {
        "Avg CPU": { "avg": { "field": "system.cpu.total.norm.pct" } },
        "Avg Memory": { "avg": { "field": "system.memory.used.pct" } }
      }
    }
  },
  "query": {
    "bool": {
      "must": [
        { "range": { "@timestamp": { "gte": "now-4h", "lte": "now" } } }
      ],
      "filter": [
        {
          "bool": {
            "should": [
              {
                "query_string": {
                  "query": "index1-*.beat.name: host* AND index2-*.city.keyword:BANGALORE",
                  "analyze_wildcard": true,
                  "default_field": "*"
                }
              }
            ]
          }
        }
      ]
    }
  }
}