Rolling up different status types

So i have a large amount of data being written to an index everyday. the main index is over written as the amount of data is quite large. The data consist of 3 fields per record and its a timestamp, status, extstatus. An example:

timestamp: (random time stamp)
status: complete
extstatus: in progress

How can i use the rollup function to save status on the data so i can track as things like the count of complete status or inprogress status from month to month?

Welcome to our community! :smiley:

How large?

It is about 5,000 records with 70 fields. I guess not HUGE but its too much data in managements eyes to keep history of.

It's all relative, but that's not a lot of data.

A rollup like Getting started with rollups | Elasticsearch Guide [8.3] | Elastic could work.

I have tried that and it does not roll up the data. Im thinking that maybe its because my timestamp field is named "last_updated" instead of timestamp?

It'd be useful if you shared the code of what you have tried.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.