问题描述

当与查询匹配的所有文档的字段总和超过某个值时，可以弹出弹出窗口？说每个文件都有一个价格的价值 - 当最后一天的价格值的总和超过200时，可以弹出弹性，例如？

Can elastalert be triggered when the sum of a field for all documents that match a query exceeds some value? Say each document has a "price" value - Can elastalert be triggered when the sum of the "price" values over the last day exceeds 200, for example?

示例文档：

{
  type: "transaction",
  price: 20.32
}

英文示例规则：

过去一小时内type ='transaction'的所有文档的总和超过200

推荐答案

p> ElastAlert开箱即用不支持。

This is not supported out of the box by ElastAlert.

这仍然未解决，以及尚未合并的相关然而。

There's an open issue which is still unresolved yet, as well as a related pull request which hasn't been merged yet.

但是，您可以按照本问题中描述的步骤自行修改ElastAlert，并使用。应该是一个没有脑子。

However, you may be able to modify ElastAlert by yourself by following the steps described in the issue and using the contributed patch. Should be a no brainer.

这篇关于当一个字段的总和，对于匹配查询的所有文档，如何使用elastalert triger超过一些值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！