Skip to content

Instantly share code, notes, and snippets.

@rokcarl
Created Jun 15, 2021
Embed
What would you like to do?
PUT _transform/stat_customers
{
"description": "Credits per customer",
"dest": {"index": "stat_customers"},
"source": {"index": "stats-*"},
"frequency": "10m",
"sync": {
"time": {
"field": "timestamp",
"delay": "90m"
}
},
"pivot": {
"aggs": {
"credits": { "sum": { "field": "credits" } },
"requests": { "value_count": { "field": "timestamp" }},
"error_codes": {
"scripted_metric": {
"init_script": "state.responses = [:]",
"map_script": """
def key_name = 'missing';
if (doc['error.code'].size() != 0) {
def error_code = doc['error.code'].value;
if (error_code >= 400 && error_code <= 499) {
key_name = '4xx';
}
else if (error_code >= 500 && error_code <= 599) {
key_name = '5xx';
}
else {
key_name = error_code;
}
}
if (!state.responses.containsKey(key_name)) {
state.responses[key_name] = 0;
}
state.responses[key_name] += 1;
""",
"combine_script": "state.responses",
"reduce_script": """
def counts = [:];
for (responses in states) {
for (key in responses.keySet()) {
if (key == 'missing') {
continue;
}
if (!counts.containsKey(key)) {
counts[key] = 0;
}
counts[key] += responses[key];
}
}
return counts;
"""
}
}
},
"group_by": {
"day": {"date_histogram": {"field": "timestamp", "fixed_interval": "1d"}},
"customer": {"terms": {"field":"customer"}}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment