Hi,
Is it possible to roll up sum of term occurrences, so I can aggregate i.e status_codes from access logs?
I.e, I would like to rollup sum group-by-term "status_code" over a time period , is this possible?
I tried it out and it seems like it is not possible but I wanted to be sure.
Kind regards /Johan
Hi Johan,
could you provide an example with some data points?
It indeed sounds like this is not possible with rollup, however I suggest to have a look at the new continuous transform feature we added in 7.3. Its similar to rollup and allows data aggregation on a continuous basis, see https://www.elastic.co/guide/en/elasticsearch/reference/7.4/put-transform.html
Best,
Hendrik
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.