
I want to alert on the sum of two fields. Each document will have only one of the two fields. Ex:

{ "number1" : 30 }

{ "number2": 20 }

Above are the two documents under the same index. I want to alert if sum(sum(number1), sum(number2)) in the last one hour is less than some value.

I have tried the below:

type: metric_aggregation
index: test-*
description: "Testing"
buffer_time:
  minutes: 1
timestamp_field: "@timestamp"
doc_type: "doc"
# Note: a YAML mapping can hold a key only once, so the second
# metric_agg_key below silently replaces the first when the rule is loaded.
metric_agg_key: number1
metric_agg_key: number2
metric_agg_type: sum
min_threshold: 70
alert:
  - "email"
alert_subject: "Not matching"
alert_text: |
  Hi Team,
alert_text_type: alert_text_only
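The check the question describes, written out as a plain Elasticsearch aggregation request and an evaluation of its result. This is an added example and not code from the question or from ElastAlert: the field names, index pattern and threshold come from the question, the query body is standard Elasticsearch DSL, and the sample documents and the response body are constructed here to run offline (a real response would come from the cluster).

```python
"""Added example: combined sum of two fields, each present in only some
documents, evaluated against a minimum threshold outside ElastAlert."""
import json
from datetime import datetime, timedelta, timezone

# Values taken from the question.
INDEX = "test-*"
FIELDS = ("number1", "number2")
MIN_THRESHOLD = 70


def build_query(fields=FIELDS, window=timedelta(hours=1), now=None):
    """Elasticsearch query DSL: one sum aggregation per field over the last window.

    A sum aggregation skips documents that do not carry the field, so documents
    holding only number1 or only number2 are both covered by a single request.
    """
    now = now or datetime.now(timezone.utc)
    return {
        "size": 0,
        "query": {
            "range": {
                "@timestamp": {
                    "gte": (now - window).isoformat(),
                    "lte": now.isoformat(),
                }
            }
        },
        "aggs": {f"{f}_sum": {"sum": {"field": f}} for f in fields},
    }


def combined_sum(agg_response, fields=FIELDS):
    """Add the per-field sums from an aggregation response body."""
    aggs = agg_response["aggregations"]
    return sum(aggs[f"{f}_sum"]["value"] for f in fields)


def should_alert(agg_response, min_threshold=MIN_THRESHOLD):
    """Same meaning as ElastAlert's min_threshold: alert when the metric is below it."""
    return combined_sum(agg_response) < min_threshold


def local_sum(docs, fields=FIELDS):
    """The same arithmetic over raw documents; missing fields count as 0."""
    return sum(d.get(f, 0) for d in docs for f in fields)


# Constructed sample: the two documents from the question plus one more.
SAMPLE_DOCS = [{"number1": 30}, {"number2": 20}, {"number1": 15}]

# Constructed response body shaped like Elasticsearch's aggregation output
# for SAMPLE_DOCS (sum of number1 = 45, sum of number2 = 20).
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 3}},
    "aggregations": {
        "number1_sum": {"value": 45.0},
        "number2_sum": {"value": 20.0},
    },
}

if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))
    print("combined sum:", combined_sum(SAMPLE_RESPONSE))
    print("alert:", should_alert(SAMPLE_RESPONSE))
```

The point of `local_sum` is only to confirm the aggregation arithmetic against the raw documents; in practice the request from `build_query` is sent to the index and the response is passed to `should_alert`.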