
"Order By" Elasticsearch


Since you are re-creating your data, I would suggest taking the opportunity to remodel it a bit as well. This will be the easiest option. For example, storing the states as integers in your data instead of or in addition to strings. You could have an extra field state_num that contains the integer value and then map 'CRITICAL' to 1, 'WARNING' to 2, etc. It will be easy to sort by this field:

"sort" : [
  { "state_num" : "asc" }
]

If you don't want to remodel your data, another option is to use script-based sorting. For example:

"sort" : {
  "_script" : {
    "script" : "switch(doc['state'].value) { case 'CRITICAL': return 1; case 'WARNING': return 2; case 'UNKNOWN': return 3; default: return 100; }",
    "type" : "number",
    "order" : "asc"
  }
}
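
The remodelling option above, sketched as an added example (not code from the original answer): each document gets a state_num when it is re-indexed, using the same ranks as the script, with 100 for any other or missing state. The index name `checks`, the `host` field and the sample documents are constructed for illustration.

```python
import json

# Ranks taken from the answer's script; any other state falls back to 100.
STATE_RANK = {"CRITICAL": 1, "WARNING": 2, "UNKNOWN": 3}
DEFAULT_RANK = 100


def with_state_num(doc):
    """Return a copy of doc with an integer state_num derived from doc['state']."""
    state = doc.get("state")
    # A missing or non-string state must not break indexing, so it gets the default.
    rank = STATE_RANK.get(state, DEFAULT_RANK) if isinstance(state, str) else DEFAULT_RANK
    return {**doc, "state_num": rank}


def bulk_body(index, docs):
    """Build an NDJSON Bulk API body: an action line, then the source line, per doc."""
    lines = []
    for doc_id, doc in docs:
        lines.append(json.dumps({"index": {"_index": index, "_id": doc_id}}))
        lines.append(json.dumps(with_state_num(doc), sort_keys=True))
    return "\n".join(lines) + "\n"  # the Bulk API expects a trailing newline


def sorted_by_state(docs):
    """Local equivalent of "sort": [{"state_num": "asc"}], to check the ranks."""
    return sorted((with_state_num(doc) for _, doc in docs),
                  key=lambda d: d["state_num"])


# Constructed sample documents (id, source); "checks" is a hypothetical index name.
SAMPLE = [
    ("1", {"host": "web-1", "state": "WARNING"}),
    ("2", {"host": "db-1", "state": "OK"}),
    ("3", {"host": "web-2", "state": "CRITICAL"}),
    ("4", {"host": "lb-1", "state": "UNKNOWN"}),
    ("5", {"host": "cache-1"}),
]

if __name__ == "__main__":
    print(bulk_body("checks", SAMPLE), end="")
    for doc in sorted_by_state(SAMPLE):
        print(doc["state_num"], doc["host"])
```

Keeping the original state string next to state_num, as the answer allows, means existing filters on state keep working while sorting uses the integer.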