我有一个运行计数器,例如port.packets,我想按单位而不是实际导数来计算导数归一化值的存储桶路径上的累积和。
通常,累积总和取导数桶路径的名称,有什么办法可以将桶路径提供为归一化值?
{
"size":0,"query":{
// some query
},"aggregations":{
"termsAgg":{
"terms":{
"field":"portIdToClusterId","size":1000,"order":[
{
"_count":"desc"
},{
"_key":"asc"
}
]
},"aggregations":{
"dateHistogramAgg":{
"date_histogram":{
"field":"timestamp","missing":0,"interval":"5m","offset":0,"order":{
"_key":"asc"
},"keyed":false,"min_doc_count":0
},"aggregations":{
"maxAggportrxpackets":{
"max":{
"field":"portpackets"
}
},"derAggportrxpackets":{
"derivative":{
"buckets_path":[
"maxAggportrxpackets"
],"gap_policy":"skip","unit":"1s"
}
},"cumSumAggportrxpackets":{
"cumulative_sum":{
"buckets_path":[
"derAggportrxpackets" // I want to take the normalized value instead of directly derivative
]
}
}
}
}
}
}
}
}
Sample output :
"aggregations" : {
"termsAgg" : {
"doc_count_error_upper_bound" : 0,"sum_other_doc_count" : 0,"buckets" : [
{
"key" : "1_3_x8::10.115.32.163","doc_count" : 12,"dateHistogramAgg" : {
"buckets" : [
{
"key_as_string" : "2019-10-25T16:20:00.000Z","key" : 1572020400000,"doc_count" : 1,"maxAggportrxpackets" : {
"value" : 1.86446649842E11
},"cumSumAggportrxpackets" : {
"value" : 0.0
}
},{
"key_as_string" : "2019-10-25T16:25:00.000Z","key" : 1572020700000,"maxAggportrxpackets" : {
"value" : 1.86446649852E11
},"derAggportrxpackets" : {
"value" : 10.0,"normalized_value" : 0.03333333333333333
},"cumSumAggportrxpackets" : {
"value" : 10.0
}
},{
"key_as_string" : "2019-10-25T16:30:00.000Z","key" : 1572021000000,"maxAggportrxpackets" : {
"value" : 1.86446649862E11
},"cumSumAggportrxpackets" : {
"value" : 20.0 // Here I want the cum sum on the normalized_value of the derivative rather than actual derivative
}
}