Add stop timestamp base on previous doc (event)

moimart1 · November 12, 2018, 4:22pm

Hello,

I push some events to elasticsearch with the following structure:

{
    "name": "status",
    "value": "active",
    "timestamp": "2018-01-01T00:00:00.000Z"
}

And when I receive a new event with the same name, like

{
    "name": "status",
    "value": "stopped",
    "timestamp": "2018-01-01T01:00:00.000Z"
}

I want to update the event status:active with a stopTimestamp field, like

{
    "name": "status",
    "value": "active",
    "timestamp": "2018-01-01T00:00:00.000Z"
    "stopTimestamp": "2018-01-01T01:00:00.000Z"
}

The final goal is to show events / transactions on a timeline, and the timeline require the field stop date

It is possible to have a document with a start and a stop date base on two previous events ?

Thanks

Martin

Mark_Harwood · November 12, 2018, 4:26pm

If you have lots of unique names to track see discussion on Distinct count with filter

moimart1 · November 14, 2018, 3:59pm

Thanks

If I understand correctly, you suggest to do another index with my events with start stop from my events with only start.

How I can update automatically my new index ? I need to do an external script or I can have a "built-in" solution ?

system · December 12, 2018, 3:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch - Timestamp based document Upsert Elasticsearch	1	430	March 27, 2021
Document timestamp field 7.8 Elasticsearch	3	478	October 22, 2020
Adding a new field to an index Elasticsearch	6	1084	November 4, 2022
Add a time field in elasticsearch and calculate time between two event Elasticsearch docker	1	216	June 21, 2022
Is it possible to add a field to all document in an index which the field is an aggregation result? Elasticsearch	4	582	September 26, 2019