Can elastalert be called when the field sum for all documents matching the query exceeds a certain value? Say each document has a value. Can elastalert be triggered when the sum of the “price” values for the last day exceeds 200, for example?
Document example:
{
  "type": "transaction",
  "price": 20.32
}
Example rule in English:
The sum of all documents where type = 'transaction' over the past hour exceeds 200
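As an added illustration (not part of the original question, and not ElastAlert's own code), the following Python models what ElastAlert's `metric_aggregation` rule type does for exactly this case: it takes a rule with `metric_agg_key: price`, `metric_agg_type: sum`, `max_threshold: 200`, a `buffer_time` of one hour and a `filter` on `type: transaction`, builds the Elasticsearch request body such a rule issues (a filtered query over the window plus a `sum` aggregation, `size: 0`), and applies the threshold check to the aggregated value. The option names are those documented for ElastAlert's `metric_aggregation` rule; the exact request-body shape, the in-memory evaluation that stands in for the cluster, and the sample documents are assumptions constructed for this example.

```python
"""Offline model of an ElastAlert metric_aggregation rule that alerts when the
sum of `price` over the last hour exceeds 200. Added example; the cluster call
is replaced by local evaluation over constructed documents."""
from datetime import datetime, timedelta, timezone

# Rule options follow ElastAlert's documented metric_aggregation settings;
# the values are made up for this example.
RULE = {
    "type": "metric_aggregation",
    "metric_agg_key": "price",
    "metric_agg_type": "sum",
    "max_threshold": 200,
    "buffer_time": {"hours": 1},
    "filter": [{"term": {"type": "transaction"}}],
    "timestamp_field": "@timestamp",
}


def build_query(rule, now):
    """Translate the rule into an Elasticsearch request body (assumed shape,
    modelled on what aggregation rules send): the rule's filters plus a range
    on the timestamp field for the buffer window, and one metric aggregation.
    size 0 because only the aggregation result is needed, not the hits."""
    start = now - timedelta(**rule["buffer_time"])
    window = {"range": {rule["timestamp_field"]: {"gte": start.isoformat(),
                                                   "lt": now.isoformat()}}}
    return {
        "size": 0,
        "query": {"bool": {"filter": rule["filter"] + [window]}},
        "aggs": {"metric_agg": {rule["metric_agg_type"]:
                                {"field": rule["metric_agg_key"]}}},
    }


def evaluate_locally(rule, docs, now):
    """Apply the same window and term filters to in-memory documents and sum
    the metric key. Stands in for Elasticsearch executing build_query();
    only `term` filters are understood by this simplified model."""
    start = now - timedelta(**rule["buffer_time"])
    total = 0.0
    for doc in docs:
        ts = doc[rule["timestamp_field"]]
        if not (start <= ts < now):
            continue  # outside the buffer window
        if any(doc.get(field) != value
               for f in rule["filter"]
               for field, value in f["term"].items()):
            continue  # does not match the rule's filter
        total += float(doc.get(rule["metric_agg_key"], 0))
    return total


def should_alert(rule, agg_value):
    """Threshold check as metric_aggregation applies it: alert when the value
    is above max_threshold or below min_threshold, whichever is configured."""
    if "max_threshold" in rule and agg_value > rule["max_threshold"]:
        return True
    if "min_threshold" in rule and agg_value < rule["min_threshold"]:
        return True
    return False


# Constructed sample documents: three transactions inside the window
# (20.32 + 150 + 40 = 210.32), one refund that the filter excludes, and one
# old transaction that falls outside the one-hour buffer.
NOW = datetime(2020, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_DOCS = [
    {"type": "transaction", "price": 20.32, "@timestamp": NOW - timedelta(minutes=5)},
    {"type": "transaction", "price": 150.0, "@timestamp": NOW - timedelta(minutes=30)},
    {"type": "transaction", "price": 40.0, "@timestamp": NOW - timedelta(minutes=59)},
    {"type": "refund", "price": 500.0, "@timestamp": NOW - timedelta(minutes=10)},
    {"type": "transaction", "price": 999.0, "@timestamp": NOW - timedelta(hours=3)},
]

if __name__ == "__main__":
    total = evaluate_locally(RULE, SAMPLE_DOCS, NOW)
    print("query body:", build_query(RULE, NOW))
    print("sum over window:", total, "-> alert:", should_alert(RULE, total))
```

The equivalent ElastAlert rule file would carry the same keys as `RULE` (`type: metric_aggregation`, `metric_agg_key`, `metric_agg_type: sum`, `max_threshold`, `buffer_time`, `filter`); the local evaluator only exists so the threshold logic can be exercised without a cluster.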