我想提醒两个字段的总和。每个文档将只有两个字段之一。例如:{“number1”:30}
{ "number2": 20 }
以上是同一索引下的两个文档,如果过去一小时的 sum(sum(number1),sum(number2) 小于某个值,我想提醒一下
我尝试了以下方法:
type: metric_aggregation
index: test-*
description: "Testing"
buffer_time:
minutes: 1
timestamp_field: "@timestamp"
doc_type: "doc"
metric_agg_key: number1
metric_agg_key: number2
metric_agg_type: sum
min_threshold: 70
alert:
- "email"
alert_subject: "FNot matching"
alert_text: |
Hi Team,s
alert_text_type: alert_text_only