Ignoring time from date field for aggregation

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

Ignoring time from date field for aggregation

This post has NOT been accepted by the mailing list yet.

I am newbie to elastic.  

We have elastic setup with multiple systems writing events to elastic with machine name, message & Datetime.

Each day a new file is created on elastic.
I have created an aliases for the last 7 day files.

I need to find if every system is logging atleast 1 event per day.

How to use aggregation(or better mechanism) on machine name & datetime field and get 1 record per day per machine?