[DOCS] enhance transform example with range filter (#74284)

enhance transform example using range instead of terms for 5xx error codes
2025-04-25 07:37:19 -04:00 · 2021-06-21 01:37:11 -07:00 · 2021-06-21 01:37:11 -07:00 · 86df1b3aec
commit 86df1b3aec
parent 632901f4a3
1 changed files with 7 additions and 6 deletions
--- a/docs/reference/transform/examples.asciidoc
+++ b/docs/reference/transform/examples.asciidoc
@ -247,9 +247,9 @@ PUT _transform/suspicious_client_ips
         "filter": { 
            "term": { "response" : "404"}}
        },
-      "error503" : {
+      "error5xx" : {
-         "filter": { 
+         "filter": {
-            "term": { "response" : "503"}}
+            "range": { "response" : { "gte": 500, "lt": 600}}}
        },
      "timestamp.min": { "min": { "field": "timestamp" }},
      "timestamp.max": { "max": { "field": "timestamp" }},
@ -273,9 +273,10 @@ PUT _transform/suspicious_client_ips
 field to synchronize the source and destination indices. The worst case 
 ingestion delay is 60 seconds.
 <3> The data is grouped by the `clientip` field.
-<4> Filter aggregation that counts the occurrences of successful (`200`) 
+<4> Filter aggregation that counts the occurrences of successful (`200`)
-responses in the `response` field. The following two aggregations (`error404` 
+responses in the `response` field. The following two aggregations (`error404`
-and `error503`) count the error responses by error codes.
+and `error5xx`) count the error responses by error codes, matching an exact
 value or a range of response codes.
 <5> This `bucket_script` calculates the duration of the `clientip` access based
 on the results of the aggregation.