I want to execute my search for specific data field and its values so that if any of the field's values count goes below x, it will be shown in the graph and the name of that value will be shown in the legend. Otherwise no data will be shown.
Now my problem is this:
When my search is executed the search result exceeds the set limit (lte) and shows results event beyond x (count).
In this example the x = 5.
.es(split=data.valuename:10).if(lte, 5, .es(split=data.valuename:10), null)
Hi,
I am not exactly sure I am understanding your desired outcome. Could you perhaps give a very simple example with a couple of data and what you wish the desired chart to look like quickly drawn together?
Cheers,
Tim
Alright, I try to explain this in simple terms:
I want to search for spesific index's data, within that searched index's data there's a data field named i.e. "hostname" (there could be 100 different hostnames), I want to search the top 10 hostnames by count. The condition is that the graph will only draw a dot when hostname count is less than X. The graph is empty unless any hostname's count drops under X within a certain time. If all hostname's count is under the defined value, only top 10 of the hostnames will be displayed in the graph.
Here's an example of the elastic query I try to execute:
.es(index={index name}).if(lte, {X}, .es(index={index name}, {max top 10 of hostnames}), null).label({hostname's name}).color({dynamic})
Simplified condition way to say this IMO:
search index={index name}, if individual hostname's count goes under {X}, then draw a dot on a graph and tell the hostname's name in the legend.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.