We have a search that is scheduled to run across several different, diverse indexes... this search also triggers only when the number of events is greater than x number of events... how do we ensure that, although we have a common search, the number-of-events condition is satisfied only if it's coming from the same index as previous?
I.e., we have indexes a, b, c, d and we have a search that does not hardcode the index, and the role of the user maps to all indexes by default... when we run a conditional search to trigger if... how do we ensure that, say, the trigger > 25 event count is satisfied only if we see 25 events from the individual index "a" and not 25 in aggregate across indexes?
Appreciate!