Hi guys, I am looking into using the significant terms aggregation with our logstash data, but my reading of it has given me one issue which I hope you have ideas for solving.
As I understand it, ES 1.1.1 only supports using 1 index (the entire index) as the "background data" to identify what stands out in the searched set. The problem with logstash is that it by default creates a new index every day (which I like for a lot of other purposes), but if a significant terms aggregation on logs is to make sense, it would be more relevant to be able to use a month or so as the "background data".

Does anyone know if I can somehow persuade it into using more than just 1 index as "background data"? Or would I have to have a copy of 1 month's data or so, put into a "background index", to do this? :(
