Hi all,
I have data with the following structure:
I need an alert email every 30 seconds to count the number of each Name have ErrorCode in list [001, 002, 003] and the percentage of each Name to the total (all of ErrorCode) in the following format:
- Name: NAME1 --- error 10/116 (8.6%)
- Name: NAME2 --- error 4/8 (50%)
- Name: NAME3 --- error 17/30 (56.6%)
- Name: NAME4 --- error 26/100 (26%)
I have grouped Name and ErrorCode:
"query": {
"bool": {
"must": [
{
"terms": {
"Name": [
"000",
"001",
"002",
"003",
"004",
"005",
"006",
"007",
"008",
"009",
"010"
]
}
}
],
"filter": {
"range": {
"@timestamp": {
"from": "{{ctx.trigger.scheduled_time}}||-5m",
"to": "{{ctx.trigger.triggered_time}}"
}
}
}
}
},
"aggs": {
"group_by_name": {
"terms": {
"field": "Name.keyword"
},
"aggs": {
"group_by_errorcode": {
"filter": {
"terms": {
"Code": [
"001",
"002",
"003"
]
}
}
}
}
}
}
Here is the returned result:
"aggregations": {
"group_by_Name": {
"doc_count_error_upper_bound": 46,
"sum_other_doc_count": 2659,
"buckets": [
{
"doc_count": 5331,
"key": "Name1",
"group_by_Error": {
"doc_count": 5331
}
},
{
"doc_count": 2286,
"key": "Name2",
"group_by_Error": {
"doc_count": 1036
}
},
{
"doc_count": 1710,
"key": "Name3",
"group_by_Error": {
"doc_count": 1
}
}
I have config watcher and can receive mail:
"body": {
"html": "{{#ctx.payload.aggregations.group_by_name.buckets}}<br>- Name <b>{{key}}</b> error {{#group_by_error }}{{doc_count}}/{{/group_by_error}}{{doc_count}}</br>{{/ctx.payload.aggregations.group_by_name.buckets}}"
}
The structure of the email I received:
- Name: NAME1 --- error 10/116
- Name: NAME2 --- error 4/8
- Name: NAME3 --- error 17/30
- Name: NAME4 --- error 26/100
How can I calculate the percentage based on the calculated data?
