Re: Alerting OpenSearch - Aggregation

[DeWitt Clinton]

Hi,

I believe this message may be better directed toward the forum for the OpenSearch search search and analytics suite, an unrelated project by the same name. This mailing list is for questions regarding the original OpenSearch syndication format.

Best regards,

-DeWitt

On Thursday, December 1, 2022 at 4:48:55 AM UTC-8 Amy wrote:

I want to know how I can put the full log from the event in aggregation, because the full log is not a field. I know how I can put, for example, the agent.name, but full log, I don't know.

Example:

"aggregations": {

  "agent": {

      "terms": {

            "field": "agent.name",

  ...........