[DOCS] enhance transform example with range filter (#74284)

enhance transform example using range instead of terms for 5xx error codes
Hendrik Muhs 2021-06-21 01:37:11 -07:00 committed by GitHub
parent 632901f4a3
commit 86df1b3aec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -247,9 +247,9 @@ PUT _transform/suspicious_client_ips
"filter": {
"term": { "response" : "404"}}
},
"error503" : {
"filter": {
"term": { "response" : "503"}}
"error5xx" : {
"filter": {
"range": { "response" : { "gte": 500, "lt": 600}}}
},
"timestamp.min": { "min": { "field": "timestamp" }},
"timestamp.max": { "max": { "field": "timestamp" }},
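Review bot: In the new `error5xx` filter the `range` bounds are numbers (`500`, `600`), while the neighbouring `term` filter passes the code as a string (`"404"`), so the example should make clear how `response` is mapped in the source index. If it is a `keyword` field, the range is compared as strings rather than numerically; that still selects three-digit 5xx values, but it counts as an expensive query and is rejected when `search.allow_expensive_queries` is `false`. Suggest stating the mapping assumption next to the example, or writing the bounds in the same form as the `term` values.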
@ -273,9 +273,10 @@ PUT _transform/suspicious_client_ips
field to synchronize the source and destination indices. The worst case
ingestion delay is 60 seconds.
<3> The data is grouped by the `clientip` field.
<4> Filter aggregation that counts the occurrences of successful (`200`)
responses in the `response` field. The following two aggregations (`error404`
and `error503`) count the error responses by error codes.
<4> Filter aggregation that counts the occurrences of successful (`200`)
responses in the `response` field. The following two aggregations (`error404`
and `error5xx`) count the error responses by error codes, matching an exact
value or a range of response codes.
<5> This `bucket_script` calculates the duration of the `clientip` access based
on the results of the aggregation.
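Review bot: The rewritten callout <4> ends with "matching an exact value or a range of response codes" but does not say which aggregation does which. Suggest spelling it out: `error404` matches the exact value `404`, and `error5xx` matches the range from 500 up to but not including 600 (`gte` 500, `lt` 600). A reader adapting the example to other status classes then sees that the upper bound is exclusive.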