TL;DR

- New aggregation on unstructured (semi-structured) text with Elasticsearch 7.16
- Categorize logs for an alert
- Better granularity for the information carried by a message

Build Better Alerts with the new aggregation of Elasticsearch

We are working on an alerting system on Elasticsearch for one of Spoon Consulting's clients. The client's needs are very classic:

- Send an alert when I have more than 5 error logs within less than 10 min
- Know the encountered errors

Usually, to do this I would have to build a query…
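The two needs above, as an added example that is not code from the article or from Spoon Consulting: the query counts error logs over the last 10 minutes and groups their messages with the 7.16 `categorize_text` aggregation, and a small function turns the response into an alert decision plus the list of error categories. The index fields (`log.level`, `@timestamp`, `message`) and the sample response are assumptions constructed for the example.

```python
"""Added example: Elasticsearch alert query with categorize_text, plus the
logic that evaluates the response. Field names and the sample response are
constructed assumptions, not taken from the article."""
import json


def build_alert_query(window="10m", level="error", max_categories=10):
    """Return a query body that counts `level` logs in the last `window` and
    groups their messages with the categorize_text aggregation (ES 7.16+)."""
    return {
        "size": 0,
        "track_total_hits": True,  # exact count is needed for the threshold
        "query": {"bool": {"filter": [
            {"term": {"log.level": level}},
            {"range": {"@timestamp": {"gte": f"now-{window}"}}},
        ]}},
        "aggs": {"error_categories": {
            "categorize_text": {"field": "message", "size": max_categories}
        }},
    }


def evaluate_alert(response, threshold=5):
    """Return (should_alert, categories): fire when more than `threshold`
    error logs matched; categories summarise which errors were seen."""
    total = response["hits"]["total"]["value"]
    buckets = response["aggregations"]["error_categories"]["buckets"]
    categories = [(b["key"], b["doc_count"]) for b in buckets]
    return total > threshold, categories


# Constructed sample response, shaped like a categorize_text result.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 7, "relation": "eq"}},
    "aggregations": {"error_categories": {"buckets": [
        {"doc_count": 5, "key": "Connection refused to database"},
        {"doc_count": 2, "key": "Timeout while calling payment service"},
    ]}},
}

if __name__ == "__main__":
    print(json.dumps(build_alert_query(), indent=2))
    fire, cats = evaluate_alert(SAMPLE_RESPONSE)
    print("alert:", fire, cats)
```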