So i have a large amount of data being written to an index everyday. the main index is over written as the amount of data is quite large. The data consist of 3 fields per record and its a timestamp, status, extstatus. An example:
timestamp: (random time stamp)
extstatus: in progress
How can i use the rollup function to save status on the data so i can track as things like the count of complete status or inprogress status from month to month?
Welcome to our community!
It is about 5,000 records with 70 fields. I guess not HUGE but its too much data in managements eyes to keep history of.
It's all relative, but that's not a lot of data.
A rollup like Getting started with rollups | Elasticsearch Guide [8.3] | Elastic could work.
I have tried that and it does not roll up the data. Im thinking that maybe its because my timestamp field is named "last_updated" instead of timestamp?
It'd be useful if you shared the code of what you have tried.