Watcher Compare 2 fields from the same index


I am trying to create a simple watcher that compares 2 fields in the same index every 5 minutes. My index contains the following fields

  "Temperature" : "22.6",
  "Temp Hi" : "30.1",
  "Temp Lo" : "25.5",
  "@timestamp" : "2019-04-30T00:00:00.000Z",

Essentially I want to compare if Temperature is between Temp Hi & Temp Lo and send an email alert if out of bounds.

Any assistance with this will be highly appreciated.

Also, can watchers be restricted to specific spaces?

Thank you,


Please correct me if I am wrong, but this is not about comparing two fields within the same index, but two fields within the same document?

If so, you could use a script query in the search input that subtracts high from lo and checks if the value is above a threshold. However, this is not a scalable solution as this calculation needs to be done for every hit.

You could use the ingest script processor to create the difference of those two values at index time and then run a much faster query that is doing a range query for all documents whose threshold is above X.

Hope that makes sense.

Regarding the spaces question: right now this is not possible.
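
The index-time approach described in the reply above, as an added example that is not part of the original thread. It is a variation that stores a boolean flag (Temperature outside Temp Lo / Temp Hi) rather than a numeric difference; the pipeline, watch and index names, the `temp_out_of_bounds` field and the e-mail address are assumed placeholders.

```console
# Added example. Names below (temp-bounds, sensor-readings, temp_out_of_bounds,
# ops@example.com) are placeholders, not taken from the thread.

# 1. Index time: parse the string fields once and store a boolean flag.
PUT _ingest/pipeline/temp-bounds
{
  "processors": [
    {
      "script": {
        "lang": "painless",
        "source": "double t = Double.parseDouble(ctx['Temperature']); double hi = Double.parseDouble(ctx['Temp Hi']); double lo = Double.parseDouble(ctx['Temp Lo']); ctx.temp_out_of_bounds = (t < lo || t > hi);"
      }
    }
  ]
}

# 2. Every 5 minutes: look for flagged documents from the last 5 minutes and e-mail.
PUT _watcher/watch/temp-out-of-bounds
{
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "search": {
      "request": {
        "indices": [ "sensor-readings" ],
        "body": {
          "query": {
            "bool": {
              "filter": [
                { "term": { "temp_out_of_bounds": true } },
                { "range": { "@timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": { "compare": { "ctx.payload.hits.total": { "gt": 0 } } },
  "actions": {
    "notify": {
      "email": {
        "to": "ops@example.com",
        "subject": "Temperature out of bounds",
        "body": "{{ctx.payload.hits.total}} reading(s) outside Temp Lo / Temp Hi in the last 5 minutes."
      }
    }
  }
}
```

Documents only get the flag if they are indexed through the pipeline (for example with `?pipeline=temp-bounds` on the index request), and the email action needs an email account configured for Watcher.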

Yes - you are right - this is comparing 2 fields in the same document.

Thank you for the options - I'll be in touch if I need any further assistance.
