How are rollup indices queried?

Hi All,

I understand the general idea of a rollup job and index. I don’t understand how you actually use them from OpenSearch Dashboards.

Are they only useful for querying from the API?

Thanks

A rollup index can be queried exactly the same as a normal index, but with a few limitations:

  1. Aggregations and queries can use only fields which are listed as dimensions in the rollup job definition. The exception here is the timestamp field, which can’t be used.
  2. The source index is expected to be append-only (updates on older docs are ignored).

ISM installs a SearchRequest interceptor which enforces these limitations. The idea here is to have the same SearchRequest executed on source_index and rollup_index return exactly the same results (but faster in the case of rollup).

You can also check out Transforms. You don’t have any limitations when querying transform indices and both updates and inserts are taken into account when “rolling up” data.