I have a program that sends logs via rsyslog to Graylog and saves them in Elasticsearch. I used Elasticsearch 1.7.
The message sent by rsyslog looks like this:
```json
{"t" : [
  {"id":10,"x":12,"y":15,"z":8},
  {"id":12,"x":8,"y":6,"z":1},
  {"id":10,"x":2,"y":1,"z":6}
]}
```
I want to get the sum of x, y, and z for all messages that have the same id. What query should I use?
I used this query, but it does not work correctly.
```json
{
  "aggs" : {
    "t" : {
      "nested" : {
        "path" : "t"
      },
      "aggs" : {
        "sum_x" : { "sum" : { "field" : "t.x" } }
      }
    }
  }
}
```
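As an added example (not from the original post), the following Python builds a nested aggregation that first buckets by `t.id` with a `terms` aggregation and only then sums `x`, `y` and `z` inside each bucket, and parses the result into a per-id table. It assumes the `t` field is mapped as type `nested` in the index; the sample documents and the Elasticsearch 1.x-shaped response are constructed here, and the `by_id`/`sum_*` aggregation names are my own.

```python
import json

# Constructed sample: two indexed rsyslog messages, each carrying the nested
# array "t" (assumes the mapping declares "t" with "type": "nested").
SAMPLE_DOCS = [
    {"t": [{"id": 10, "x": 12, "y": 15, "z": 8},
           {"id": 12, "x": 8, "y": 6, "z": 1},
           {"id": 10, "x": 2, "y": 1, "z": 6}]},
    {"t": [{"id": 12, "x": 1, "y": 1, "z": 1}]},
]

FIELDS = ("x", "y", "z")

def build_sum_by_id_query():
    """Enter the nested path, bucket the nested objects by t.id, then sum each
    field per bucket. "size": 0 on the terms agg returns all id buckets in ES 1.x
    (the default would silently stop at the 10 most frequent ids)."""
    sums = {"sum_%s" % f: {"sum": {"field": "t.%s" % f}} for f in FIELDS}
    return {
        "size": 0,  # top-level: return aggregations only, no hits
        "aggs": {
            "t": {
                "nested": {"path": "t"},
                "aggs": {
                    "by_id": {
                        "terms": {"field": "t.id", "size": 0},
                        "aggs": sums,
                    }
                },
            }
        },
    }

def parse_sum_by_id(response):
    """Flatten the aggregation response into {id: {"x": .., "y": .., "z": ..}}."""
    buckets = response["aggregations"]["t"]["by_id"]["buckets"]
    return {b["key"]: {f: b["sum_%s" % f]["value"] for f in FIELDS} for b in buckets}

def local_sum_by_id(docs):
    """Reference computation over the raw documents, to cross-check ES output."""
    totals = {}
    for doc in docs:
        for item in doc["t"]:
            acc = totals.setdefault(item["id"], dict.fromkeys(FIELDS, 0))
            for f in FIELDS:
                acc[f] += item[f]
    return totals

# Constructed response in the shape ES 1.x returns for the query above.
SAMPLE_RESPONSE = {"aggregations": {"t": {"doc_count": 4, "by_id": {"buckets": [
    {"key": 10, "doc_count": 2, "sum_x": {"value": 14.0}, "sum_y": {"value": 16.0}, "sum_z": {"value": 14.0}},
    {"key": 12, "doc_count": 2, "sum_x": {"value": 9.0}, "sum_y": {"value": 7.0}, "sum_z": {"value": 2.0}},
]}}}}

if __name__ == "__main__":
    print(json.dumps(build_sum_by_id_query(), indent=2))
    print(parse_sum_by_id(SAMPLE_RESPONSE))
```

Without the `terms` bucket, the `sum` aggregation in the original query adds `t.x` over every nested object regardless of id, which is why it returned a single total instead of one per id.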