Rolling up different status types

So i have a large amount of data being written to an index everyday. the main index is over written as the amount of data is quite large. The data consist of 3 fields per record and its a timestamp, status, extstatus. An example:

timestamp: (random time stamp)
status: complete
extstatus: in progress

How can i use the rollup function to save status on the data so i can track as things like the count of complete status or inprogress status from month to month?

Welcome to our community! :smiley:

How large?

It is about 5,000 records with 70 fields. I guess not HUGE but its too much data in managements eyes to keep history of.

It's all relative, but that's not a lot of data.

A rollup like Getting started with rollups | Elasticsearch Guide [8.3] | Elastic could work.

I have tried that and it does not roll up the data. Im thinking that maybe its because my timestamp field is named "last_updated" instead of timestamp?

It'd be useful if you shared the code of what you have tried.