Watcher - filters aggregation

SriniSn · October 5, 2017, 5:30pm

My use case is to count errors vs non-errors in the dataset and use former being X % of latter as criteria to trigger an alert.

Am I correct with using filters aggregation to approach this alert?

Also, I've few grouping levels before I get the counts so I have few rows each with good and error counts in my payload aggregation.

After filter aggregation, I would like to eliminate zero error rows but could not use min_doc_count similar to terms aggregation. Could you point me to right direction here and also to iterate the aggregation payload rows to check X%?

spinscale · October 11, 2017, 8:22am

Hey,

filter aggregations sound like a good plan here. Another approach might be to execute two queries using a chained input, and just do a count, and then use that count in the condition two compare the two numbers.

Maybe you can share your example and your output and we can iterate from there, so it is less abstract.

--Alex

system · November 8, 2017, 8:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Set up error transaction percentage alert email Elasticsearch elastic-stack-alerting	4	512	September 23, 2021
Mathematical operations on individual bucket elemenst Elasticsearch	8	1888	March 10, 2017
Alerting on index aggregation with filter Kibana elastic-stack-alerting	2	1122	September 6, 2022
Aggregation in Watcher Elasticsearch elastic-stack-alerting	3	1719	July 6, 2017
Alerting on compared aggregations Elasticsearch elastic-stack-alerting	2	224	December 25, 2023

Watcher - filters aggregation

Related topics