I'm reading in a log that records meeting metadata. It has all sorts of stuff, but I only care about two things. Something like this:
2018-05-04 14:50:01 eventType=MeetingStartedEvent meetingID=1234 eventTime=14:48:00
2018-05-04 14:56:45 eventType=MeetingEndedEvent meetingID=1234 eventTime=14:49:37
So I've constructed a query that grabs only the data I need:
eventType:"MeetingStartedEvent" OR eventType:"MeetingEndedEvent"
The only thing that seems like it might work is Data Table. My metric is useless, but at least I can use term aggregation to get buckets of 2 items each based on the meetingID. Problem is now I have no idea how to get from there to a unified presentation of the data. Something like this:
MeetingID StartTime EndTime
I've read up on scripted indexes and that doesn't seem like it will solve my problem. Is this even possible?
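An added example, not part of the original post: the MeetingID / StartTime / EndTime view described above, built by pivoting the start and end events on meetingID in a script outside Kibana. It assumes the key=value layout of the two log lines in the post; pivot_meetings, render and every sample line beyond those two are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample: the two lines from the post, a meeting that never
# ended, an unrelated event type, and a malformed line.
SAMPLE_LOG = """\
2018-05-04 14:50:01 eventType=MeetingStartedEvent meetingID=1234 eventTime=14:48:00
2018-05-04 14:56:45 eventType=MeetingEndedEvent meetingID=1234 eventTime=14:49:37
2018-05-04 15:02:10 eventType=MeetingStartedEvent meetingID=5678 eventTime=15:01:55
2018-05-04 15:03:00 eventType=UserJoinedEvent meetingID=5678 eventTime=15:02:40
this line is malformed and must be skipped
"""

KV = re.compile(r"(\w+)=(\S+)")  # key=value pairs anywhere in the line
COLUMN = {"MeetingStartedEvent": "StartTime", "MeetingEndedEvent": "EndTime"}


def pivot_meetings(lines):
    """Collapse start/end events into one row per meetingID."""
    rows = OrderedDict()  # keeps meetings in order of first appearance
    for line in lines:
        fields = dict(KV.findall(line))
        column = COLUMN.get(fields.get("eventType"))
        if column is None or "meetingID" not in fields or "eventTime" not in fields:
            continue  # other event types and unparsable lines are ignored
        meeting_id = fields["meetingID"]
        row = rows.setdefault(
            meeting_id,
            {"MeetingID": meeting_id, "StartTime": None, "EndTime": None},
        )
        if row[column] is None:  # a replayed event does not overwrite the first
            row[column] = fields["eventTime"]
    return list(rows.values())


def render(rows):
    """Format rows as a fixed-width table; a missing time is shown as '-'."""
    header = ("MeetingID", "StartTime", "EndTime")
    out = ["{:<10} {:<10} {:<10}".format(*header).rstrip()]
    for row in rows:
        cells = [row[name] or "-" for name in header]
        out.append("{:<10} {:<10} {:<10}".format(*cells).rstrip())
    return "\n".join(out)


if __name__ == "__main__":
    print(render(pivot_meetings(SAMPLE_LOG.splitlines())))
```

A meeting with a start event but no end event keeps an empty EndTime instead of being dropped, which is the case a two-items-per-bucket view hides.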