Hi,
I have the exact same issue as: https://discuss.elastic.co/t/save-results-from-aggregation-to-new-index/86913
Any idea how to fix this issue without using Watcher of X-pack?
asp:
Hi,
we have a log with some million events per day.
Allthough we keep data accessible only for 30 days, we have the need to compare some aggregations from current month and 6 month ago.
To achieve this, we are currently doing exports / reports as screenshot / pdf / html save and then we can compare two pictures.
These logs events have fields for processing times, etc. which are aggregated to avg processing time graphs in kibana.
Because I begin to love the timelion offset functionality, I am thinking of a new way of keeping the data, but I need your help to tell me if it is possible and how it can be done.
Question:
sample aggregation:
If I run this in ES, it should give me an aggregated value each 30 minutes for the top 20 functions.
avg (result)@timestamp
Or are there better practices?
Shaoranlaos
March 16, 2018, 7:06am
2
this is a guess from my side but you could use logstash with an elasticsearch input to run your query and than input it again to elasticsearch with the elasticsearch output
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-elasticsearch.html https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
system
April 13, 2018, 7:06am
3
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.