Hi,
I would like to count the number of documents based on a search, in order to follow the evolution of the number of documents.
I use the watcher for this, which allows me to execute a regular query and retrieve the result.
On this side everything is OK, and I make an aggregation (count by a field).
in "actions", I send this in an index, my concern is that I would like to change the name of a field and add another field which would be for example: monitor:count_doc_by_company
the result of my search contains the following aggregation:
"aggregations" : { "2" : { "doc_count_error_upper_bound" : 0, "sum_other_doc_count" : 0, "buckets" : [ { "key" : "COMPANY1", "doc_count" : 223981578 }, { "key" : "COMPANY2", "doc_count" : 3408203 }, { "key" : "UNDEFINED", "doc_count" : 356186 }, { "key" : "COMPANY3", "doc_count" : 122787 } ] } }
my code 'actions" is :
"actions": { "index_payload": { "foreach": "ctx.payload.aggregations.2.buckets", "max_iterations": 100, "index": { "index": "eol_compteurs", "execution_time_field": "@timestamp" } } },
I've tried using "script" but I get errors every time.
here is the result after ingestion in the index eol_counters :
{ "_index": "eol_compteurs", "_type": "_doc", "_id": "MGlI6nEB638LGgRIX0cG", "_version": 1, "_score": null, "_source": { "doc_count": 220097723, "@timestamp": "2020-05-06T13:59:02.044Z", "key": "COMPANY1" }, "fields": { "@timestamp": [ "2020-05-06T13:59:02.044Z" ] }, "sort": [ 1588773542044 ] }
I'd like to add a field with a static value, and change the name of the "key" field, but I do not succeed 
Thanks