We have 2 fields in the ElasticSearch
- api_status = 400 or 200 or 500
- api_url = /v1/myapi.com
In elastAlert how can I get the filter to fetch if all status=400 that are coming for all events with api_url within 10min are 5% of the total count?
Total count api_uri=/v1/myapi.com -> 1000 in 10 min
Total count api_status=400 -> 100 in 10 min
So 4xx is >5% of the total count
and the same trigger should happen through Elast Alert
