I think this question isn't really specific to watcher, it's more a DSL question, I believe. Anyway, I've got watchers watching our marvel indices indexing the payload. Now I'm trying to do aggregations on that data. I'm sure it's a simple order/syntax problem but I've looked all over and I'm not finding the answer.
Here's the query I've got:
GET watch_gcoldcollectioncount/_search
{
  "aggs": {
    "group_by_key": {
      "terms": {
        "field": "aggregations.minutes.buckets.nodes.buckets.key"
      },
      "aggs": {
        "average_memory": {
          "avg": {
            "field": "aggregations.minutes.buckets.nodes.buckets.gcold.value"
          }
        }
      }
    }
  }
}
It is returning two types of output.
1. This, for every hit:
{
  "key_as_string": "2016-09-10T21:33:00.000Z",
  "doc_count": 11,
  "nodes": {
    "doc_count_error_upper_bound": 0,
    "sum_other_doc_count": 0,
    "buckets": [
      {
        "gcold": {
          "value": 2054
        },
        "doc_count": 1,
        "key": "nodeesd0"
      },
      {
        "gcold": {
          "value": 1923
        },
        "doc_count": 1,
        "key": "nodeesd2"
      },
etc.
2. The aggregations, but it's reporting the same value for every node.
"aggregations": {
  "group_by_key": {
    "doc_count_error_upper_bound": 0,
    "sum_other_doc_count": 8,
    "buckets": [
      {
        "key": "nodeesc0",
        "doc_count": 5,
        "average_memory": {
          "value": 1514.4772727272727
        }
      },
      {
        "key": "nodeesc2",
        "doc_count": 5,
        "average_memory": {
          "value": 1514.4772727272727
        }
      },
      {
        "key": "nodeesd0",
        "doc_count": 5,
        "average_memory": {
          "value": 1514.4772727272727
        }
      },
etc.
Any help would be appreciated!
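
A likely reason for the identical averages, shown as an added example that is not part of the original post: assuming the payload's bucket arrays are mapped as default object fields rather than `nested` (the post does not show the mapping), Elasticsearch flattens each array into independent multi-valued fields, so the pairing between a node key and its gcold value is lost. The Python below simulates both behaviours on sample documents; the function names and the second document are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Sample payloads: the first uses the two values visible in the post,
# the second is constructed for illustration.
DOCS = [
    {"buckets": [{"key": "nodeesd0", "gcold": 2054},
                 {"key": "nodeesd2", "gcold": 1923}]},
    {"buckets": [{"key": "nodeesd0", "gcold": 2060},
                 {"key": "nodeesd2", "gcold": 1925}]},
]


def flattened_terms_avg(docs):
    """terms + avg over default (non-nested) object arrays.

    Each document is indexed as two independent multi-valued fields,
    so a document that contains a key contributes ALL of its values
    to that key's bucket.
    """
    per_key = defaultdict(list)
    for doc in docs:
        keys = {b["key"] for b in doc["buckets"]}      # ...buckets.key
        values = [b["gcold"] for b in doc["buckets"]]  # ...buckets.gcold.value
        for key in keys:
            per_key[key].extend(values)
    return {k: mean(v) for k, v in per_key.items()}


def paired_terms_avg(docs):
    """Same aggregation when every array element stays its own unit,
    which is what a nested mapping plus a nested aggregation provides.
    """
    per_key = defaultdict(list)
    for doc in docs:
        for b in doc["buckets"]:
            per_key[b["key"]].append(b["gcold"])
    return {k: mean(v) for k, v in per_key.items()}


if __name__ == "__main__":
    print("flattened:", flattened_terms_avg(DOCS))
    print("paired:   ", paired_terms_avg(DOCS))
```

In the flattened case every node bucket holds the same documents and therefore the same pool of values, which matches the repeated `average_memory` in the output above.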