Hi,
it's possible to create a watcher with a single query on two different times?
Ex. If a certain threshold is exceeded between 10-11 and 11-12 and so on. So the alert would trigger only if the two conditions are met
Thanks
Regards
Gosh, there are many ways this could be solved.
- You could use a input chain to make multiple queries (one for time range X and the other for time range Y) and then inspect the results of each. Here's an example that uses 3 inputs.
The time frames are the same in this example (but could differ)
- Alternatively, you could do a single query over a time range, but then do a
date_histogramaggregation on that query to break the time ranges up into chunks, aggregate the data in some way within those chunks, and then inspect the data in each sub aggregation. An example (albeit a little complex) can be seen here:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.