Watcher - filters aggregation

SriniSn · October 5, 2017, 5:30pm

My use case is to count errors vs non-errors in the dataset and use former being X % of latter as criteria to trigger an alert.

Am I correct with using filters aggregation to approach this alert?

Also, I've few grouping levels before I get the counts so I have few rows each with good and error counts in my payload aggregation.

After filter aggregation, I would like to eliminate zero error rows but could not use min_doc_count similar to terms aggregation. Could you point me to right direction here and also to iterate the aggregation payload rows to check X%?

spinscale · October 11, 2017, 8:22am

Hey,

filter aggregations sound like a good plan here. Another approach might be to execute two queries using a chained input, and just do a count, and then use that count in the condition two compare the two numbers.

Maybe you can share your example and your output and we can iterate from there, so it is less abstract.

--Alex

system · November 8, 2017, 8:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.