# Derive metrics from aggregating OpenSearch query results [[inputs.opensearch_query]] ## OpenSearch cluster endpoint(s). Multiple urls can be specified as part ## of the same cluster. Only one successful call will be made per interval. urls = [ "https://node1.os.example.com:9200" ] # required. ## OpenSearch client timeout, defaults to "5s". # timeout = "5s" ## HTTP basic authentication details # username = "admin" # password = "admin" ## Skip TLS validation. Useful for local testing and self-signed certs. # insecure_skip_verify = false [[inputs.opensearch_query.aggregation]] ## measurement name for the results of the aggregation query measurement_name = "measurement" ## OpenSearch index or index pattern to search index = "index-*" ## The date/time field in the OpenSearch index (mandatory). date_field = "@timestamp" ## If the field used for the date/time field in OpenSearch is also using ## a custom date/time format it may be required to provide the format to ## correctly parse the field. ## ## If using one of the built in OpenSearch formats this is not required. ## https://opensearch.org/docs/2.4/opensearch/supported-field-types/date/#built-in-formats # date_field_custom_format = "" ## Time window to query (eg. "1m" to query documents from last minute). ## Normally should be set to same as collection interval query_period = "1m" ## Lucene query to filter results # filter_query = "*" ## Fields to aggregate values (must be numeric fields) # metric_fields = ["metric"] ## Aggregation function to use on the metric fields ## Must be set if 'metric_fields' is set ## Valid values are: avg, sum, min, max, sum # metric_function = "avg" ## Fields to be used as tags. Must be text, non-analyzed fields. Metric ## aggregations are performed per tag # tags = ["field.keyword", "field2.keyword"] ## Set to true to not ignore documents when the tag(s) above are missing # include_missing_tag = false ## String value of the tag when the tag does not exist ## Required when include_missing_tag is true # missing_tag_value = "null"