We'd like to highlight some info from our es dataset for our admins to watch.
The docs look like this:
{ "timestamp": "2017-05-01 01:01:00", "from": "123", "to": 4566 }
We want to aggregate on the from and to fields, boosting on the recency of the documents, and also extra weight for longer from and to values.
So an aggregation result with 1000 docs in the last 7 days might be less interesting than one with 500 in the last hour.
I'm not sure where to start with this. Can this be done as a query or do I need to do some pre-aggregation with watcher?