kosho/elasticsearch-rollup-apache.js

## elasticsearch-rollup-apache.js
# Rollup apache sample index

GET apache_elastic_example

# Create a rollup job
# It works for the documents already and going to be indexed

PUT _xpack/rollup/job/apache_elastic_example
{
    "index_pattern": "apache_elastic_example",
    "rollup_index": "apache_elastic_example_rollup",
    "cron": "*/30 * * * * ?",
    "page_size" :1000,
    "groups" : {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "1h",
        "delay": "7d"
      },
      "terms": {
        "fields": ["clientip.raw"]
      }
    },
    "metrics": [
        {
            "field": "bytes",
            "metrics": ["sum", "max", "min"]
        }
    ]
}

# Start the job

POST _xpack/rollup/job/apache_elastic_example/_start

# Search upon the original index

GET apache_elastic_example/_search
{
  "size": 0,
  "aggs": {
    "1": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "1d"
      },
      "aggs": {
        "2": {
          "terms": {
            "field": "clientip.raw",
            "size": 10
          },
          "aggs": {
            "3": {
              "sum": {
                "field": "bytes"
              }
            }
          }
        }
      }
    }
  }
}

# Search upon the rollup index

GET apache_elastic_example_rollup/_rollup_search
{
  "size": 0,
  "aggs": {
    "1": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "1d"
      },
      "aggs": {
        "2": {
          "terms": {
            "field": "clientip.raw",
            "size": 10
          },
          "aggs": {
            "3": {
              "sum": {
                "field": "bytes"
              }
            }
          }
        }
      }
    }
  }
}

# Stop the job

POST _xpack/rollup/job/apache_elastic_example/_stop

# Delete the job

DELETE _xpack/rollup/job/apache_elastic_example

# Delete the rollup index

DELETE apache_elastic_example_rollup
	# Rollup apache sample index

	GET apache_elastic_example

	# Create a rollup job
	# It works for the documents already and going to be indexed

	PUT _xpack/rollup/job/apache_elastic_example
	{
	"index_pattern": "apache_elastic_example",
	"rollup_index": "apache_elastic_example_rollup",
	"cron": "/30 * * * ?",
	"page_size" :1000,
	"groups" : {
	"date_histogram": {
	"field": "@timestamp",
	"interval": "1h",
	"delay": "7d"
	},
	"terms": {
	"fields": ["clientip.raw"]
	}
	},
	"metrics": [
	{
	"field": "bytes",
	"metrics": ["sum", "max", "min"]
	}
	]
	}

	# Start the job

	POST _xpack/rollup/job/apache_elastic_example/_start

	# Search upon the original index

	GET apache_elastic_example/_search
	{
	"size": 0,
	"aggs": {
	"1": {
	"date_histogram": {
	"field": "@timestamp",
	"interval": "1d"
	},
	"aggs": {
	"2": {
	"terms": {
	"field": "clientip.raw",
	"size": 10
	},
	"aggs": {
	"3": {
	"sum": {
	"field": "bytes"
	}
	}
	}
	}
	}
	}
	}
	}

	# Search upon the rollup index

	GET apache_elastic_example_rollup/_rollup_search
	{
	"size": 0,
	"aggs": {
	"1": {
	"date_histogram": {
	"field": "@timestamp",
	"interval": "1d"
	},
	"aggs": {
	"2": {
	"terms": {
	"field": "clientip.raw",
	"size": 10
	},
	"aggs": {
	"3": {
	"sum": {
	"field": "bytes"
	}
	}
	}
	}
	}
	}
	}
	}

	# Stop the job

	POST _xpack/rollup/job/apache_elastic_example/_stop

	# Delete the job

	DELETE _xpack/rollup/job/apache_elastic_example

	# Delete the rollup index

	DELETE apache_elastic_example_rollup