I am using a API transform to get specific metrics
here my query
PUT _transform/index-transform
{
"description": "Calculate the duration of an event from multiple status updates (based on its uniqueID)",
"frequency": "1m",
"source": {
"index": "index*"
},
"dest": {
"index": "index2"
},
"pivot": {
"group_by": {
"id": {
"terms": {
"field": "ProcessID"
}
}
},
"aggregations": {
"event_count": {
"value_count": {
"field": "id"
}
},
"start": {
"min": {
"field": "TimeStart"
}
},
"stop": {
"max": {
"field": "TimeEnd"
}
},
"est": {
"max": {
"field": "EstimatedTime"
}
},
"durations": {
"bucket_script": {
"buckets_path": {
"start": "start.value",
"stop": "stop.value",
"est": "est.value"
},
"script": """
return (params.stop - params.start) / 1000;
"""
}
}
}
}
}
when i start the transform for the first time it works fine
but when i add some data in the source index, the data comes in the source index but not in the transform index.
Could you please assist on how to fix this issue?
Elastic noob here, but does this query really setup a continuous transform? I know I initially conflated the frequency field and the fact that the transform continuously runs.
I think specifying a frequency does not enable continous, but just specifies the frequency if you enable continuous. You might have to specify the sync field like in this example to do so.
Additionally, you can easily check if it is continuous by inspecting the transform in the Kibana UI (Stack management/Data/Transforms).
2 Likes
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.