Watcher with dynamic filter

Hi,

I'm trying to make a Watcher that checks whether a numeric field of a document deviates from the average by a percentage.

The mapping is the following:

{
  "Datapoint" : "Taller10#Montaje#Skillets#M111#RODILLOS_LONG#M111R",
  "ACTUAL_CONSUMPTION" : 80
}

The problem is that I have to calculate the average of the ACTUAL_CONSUMPTION field of the logs that have the same value in the field "Datapoint" and not of the rest.

So you want to group by the value of the DataPoint field and then calculate the avg of the ACTUAL_CONSUMPTION field?

If so, you should check out aggregations, if you need to do this for more than one value of the DataPoint field. You could use a terms aggregation and inside of that an avg agg.

If you only need the avg value of a single value of DataPoint then a filter query for that value and an avg aggregation are sufficient.

Hi,

First, thanks for the help. I got the DataPoint average. My problem now is that I do not know how to compare the average with the ACTUAL_CONSUMPTION.

This is my watcher code:

{
  "trigger": {
    "schedule": {
      "interval": "1d"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": "consum*",
        "body": {
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "ACTUAL_CONSUMPTIONst": {
                    "from": "now-5d",
                    "to": "now"
                  }
                }
              }
            }
          },
          "aggs": {
            "datapoint": {
              "terms": {
                "field": "Datapoint.keyword"
              },
              "aggs": {
                "dp_avg": {
                  "avg": {
                    "field": "ACTUAL_CONSUMPTION",
                    "script": "_value*1.1"
                  }
                },
                "dp_actual": {
                  "terms": {
                    "field": "ACTUAL_CONSUMPTION"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "array_compare": {
      "ctx.payload.aggregations.datapoint.buckets.dp_actual.buckets": {
        "path": "key",
        "gte": {
          "value": "{{ctx.payload.aggregations.datapoint.buckets.dp_avg}}"
        }
      }
    }
  },
  "actions": {
    "log": {
      "logging": {
        "level": "info",
        "text": "*** Watcher para informar si un motor tiene una media anómala ****\n"
      }
    }
  }
}

One part of the response is the following:

"aggregations" : {
  "datapoint" : {
    "doc_count_error_upper_bound" : 0,
    "sum_other_doc_count" : 0,
    "buckets" : [
      {
        "doc_count" : 4,
        "dp_avg" : {
          "value" : 52.25
        },
        "key" : "Taller10#Montaje#Skillets#M11#RODILLOS_LONG#M11",
        "dp_actual" : {
          "doc_count_error_upper_bound" : 0,
          "sum_other_doc_count" : 0,
          "buckets" : [
            {
              "doc_count" : 2,
              "key" : 40
            },
            {
              "doc_count" : 1,
              "key" : 50
            },
            {
              "doc_count" : 1,
              "key" : 60
            }
          ]
        }
      }

And I want to know which Datapoint has a document with ACTUAL_CONSUMPTION > Average*1.1

Is it possible to do it?

Thank you!

hey,

You cannot use a compare condition for this. To properly access the fields, you need to use a script condition.

--Alex

Thank you for your help!

I resolved my problem using a script that compares two buckets and returns a list with all the Datapoint names.

1 Like
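
One way to write the script condition suggested in the thread, as an added example; it is not the poster's own script, which the thread does not show. It assumes the `datapoint`, `dp_avg` and `dp_actual` aggregation names from the watch above, with `dp_avg` already multiplied by 1.1 by its value script. The `datapoints` payload key and the `metadata.note` text are introduced here for illustration, and the trigger and input sections stay as posted.

```json
{
  "metadata": {
    "note": "Added example: condition, transform and actions only. dp_avg.value is already average*1.1."
  },
  "condition": {
    "script": "return ctx.payload.aggregations.datapoint.buckets.stream().anyMatch(b -> b.dp_actual.buckets.stream().anyMatch(a -> a.key > b.dp_avg.value))"
  },
  "transform": {
    "script": "return ['datapoints': ctx.payload.aggregations.datapoint.buckets.stream().filter(b -> b.dp_actual.buckets.stream().anyMatch(a -> a.key > b.dp_avg.value)).map(b -> b.key).collect(Collectors.toList())]"
  },
  "actions": {
    "log": {
      "logging": {
        "level": "info",
        "text": "Datapoints with ACTUAL_CONSUMPTION above 1.1x average: {{ctx.payload.datapoints}}"
      }
    }
  }
}
```

Against the response excerpt above, the bucket with keys 40, 50 and 60 and a `dp_avg` of 52.25 matches because 60 > 52.25. Both terms aggregations return only the top 10 buckets unless `size` is set, so raise `size` if more Datapoints or distinct values are expected.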
