SQL column alias equivalent in Elasticsearch query

Hello,

I am trying to create a query similar to the following (ignore the fact that time is not taken into account):

SELECT host, sum(bytes) FROM 
  (SELECT sender as host, sent_bytes as bytes from traffic
  UNION
  SELECT receiver as host, received_bytes as bytes from traffic) as t
GROUP BY host

As you can see from the SQL query, the idea is that I have attributes in my document that need to be normalized to be the same, so doing 2 queries against the same table (index for ELK) and then running a UNION would generate a uniform table (meaning the same column names). Lastly, I would then do a group by and a sum aggregation per host entry.

How would one go about doing the same thing using Elasticsearch query?
If this is possible, is it also possible to place such a query as a data view in Elasticsearch, so one can run visualizations against it?

Thank you.
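An added worked example (not from the original post or any reply to it) of how the same per-host total is usually obtained against Elasticsearch, which has no UNION: each side of the SQL subquery becomes its own `terms` aggregation with a `sum` sub-aggregation in a single `_search` request, and the GROUP BY is finished client-side by adding the two bucket lists together. The example builds the request body, merges a sample response, and cross-checks the result against the post's SQL (using UNION ALL, since a plain UNION would first drop duplicate (host, bytes) pairs) run in SQLite over the same constructed documents. The index name `traffic` and the four field names come from the SQL in the question; the sample documents, the sample response and the aggregation names `by_sender`/`by_receiver` are assumptions made for the example.

```python
"""Per-host byte totals over both sides of a traffic document in Elasticsearch.

Added example, not code from the forum post. Assumes an index `traffic` with
keyword fields `sender`, `receiver` and numeric fields `sent_bytes`,
`received_bytes` (names taken from the SQL in the question).
"""
import json
import sqlite3
from typing import Any

# terms aggregations return only the top-N buckets, so a `size` that is
# smaller than the number of distinct hosts silently drops hosts.
MAX_HOSTS = 10_000


def build_request(max_hosts: int = MAX_HOSTS) -> dict[str, Any]:
    """Return the _search body: one terms+sum aggregation per side of the flow."""

    def side(group_field: str, bytes_field: str) -> dict[str, Any]:
        return {
            "terms": {"field": group_field, "size": max_hosts},
            "aggs": {"bytes": {"sum": {"field": bytes_field}}},
        }

    return {
        "size": 0,  # aggregations only, no hits
        "aggs": {
            "by_sender": side("sender", "sent_bytes"),
            "by_receiver": side("receiver", "received_bytes"),
        },
    }


def merge_host_totals(response: dict[str, Any]) -> dict[str, float]:
    """Add the two bucket lists together into {host: total_bytes}.

    Refuses a response in which either terms aggregation truncated its bucket
    list (sum_other_doc_count > 0), because the totals would then be wrong.
    """
    totals: dict[str, float] = {}
    for agg_name in ("by_sender", "by_receiver"):
        agg = response["aggregations"][agg_name]
        if agg.get("sum_other_doc_count", 0) > 0:
            raise ValueError(f"{agg_name}: bucket list truncated, raise terms.size")
        for bucket in agg["buckets"]:
            totals[bucket["key"]] = totals.get(bucket["key"], 0.0) + bucket["bytes"]["value"]
    return totals


# Constructed sample documents (assumption, not real traffic data).
DOCS = [
    {"sender": "a", "receiver": "b", "sent_bytes": 100, "received_bytes": 40},
    {"sender": "b", "receiver": "a", "sent_bytes": 50, "received_bytes": 10},
    {"sender": "a", "receiver": "c", "sent_bytes": 25, "received_bytes": 5},
]

# Constructed response in the shape Elasticsearch returns for build_request()
# over DOCS (hand-derived; a real cluster would produce the same buckets).
SAMPLE_RESPONSE = {
    "took": 3,
    "timed_out": False,
    "hits": {"total": {"value": 3, "relation": "eq"}, "hits": []},
    "aggregations": {
        "by_sender": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "a", "doc_count": 2, "bytes": {"value": 125.0}},
                {"key": "b", "doc_count": 1, "bytes": {"value": 50.0}},
            ],
        },
        "by_receiver": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "b", "doc_count": 1, "bytes": {"value": 40.0}},
                {"key": "a", "doc_count": 1, "bytes": {"value": 10.0}},
                {"key": "c", "doc_count": 1, "bytes": {"value": 5.0}},
            ],
        },
    },
}


def sql_reference(docs: list[dict[str, Any]]) -> dict[str, float]:
    """Run the post's SQL (with UNION ALL) in SQLite as the ground truth."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE traffic (sender TEXT, receiver TEXT, "
        "sent_bytes INTEGER, received_bytes INTEGER)"
    )
    con.executemany(
        "INSERT INTO traffic VALUES (?, ?, ?, ?)",
        [(d["sender"], d["receiver"], d["sent_bytes"], d["received_bytes"]) for d in docs],
    )
    rows = con.execute(
        "SELECT host, sum(bytes) FROM "
        "  (SELECT sender AS host, sent_bytes AS bytes FROM traffic "
        "   UNION ALL "  # plain UNION would drop duplicate (host, bytes) rows
        "   SELECT receiver AS host, received_bytes AS bytes FROM traffic) AS t "
        "GROUP BY host"
    ).fetchall()
    return {host: float(total) for host, total in rows}


if __name__ == "__main__":
    print(json.dumps(build_request(), indent=2))
    print(merge_host_totals(SAMPLE_RESPONSE))   # {'a': 135.0, 'b': 90.0, 'c': 5.0}
    print(sql_reference(DOCS))                  # same totals
```

Send `build_request()` as the body of `POST /traffic/_search`, then feed the JSON response to `merge_host_totals()`. Because the merge happens outside the cluster, the result cannot be exposed as a Kibana data view, which is backed by an index pattern rather than a query; to visualize it in Kibana, write the normalized rows (one document per host and direction) into their own index instead, for example with an ingest pipeline or a transform, and point the data view at that index.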
