I need to be able to write a condition for a watcher that will alert when the results from the Bucket Critical doc_count is at 50% or higher of bucket Info doc_count
This is the aggregation results
"aggregations" : {
"level" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "INFO",
"doc_count" : 662
},
{
"key" : "Critical",
"doc_count" : 5
}
]
}
}
this can be done with a script condition that accesses the fields in the aggregations.level.buckets array and then divides the both doc_count fields from each other (make sure to figure out the order first to not accidently switch dividend/divisor).
If you share what you tried so far, we can take a look at improving your script. As a start there is the examples repo where you can take a look at a few scripts.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.