Aggregation for change in text field

Is there an aggregation I can use to note a change of value in a text field in a time series?

Essentially, I have an index which logs a string value over time. I wish to detect when that value gets changed and return only the results when that value gets changed over time.

There's not a good way at the moment, although there is an open ticket requesting something similar.

I've been thinking about this kind of agg recently and have some ideas, but it's non-trivial since the value changes might be on different shards and not apparent unless all the data is streamed to one location. There are some ways we could work around that but it's not an easy task in a distributed environment.

Thanks for your answer. I hope that your team will find ways to do this! Right now I search for results for the entire time range to look for differences. It is workable when the result sets are small, but obviously much less ideal when the result sets are big and it would save a lot of resources if they can be done on the cluster instead.
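The client-side workaround described in the last post (fetch the whole time range, then compare), as an added example that is not part of the original thread. It streams time-sorted hits page by page and keeps only the previous value in memory, so a change that straddles two result pages is still caught. The field names `@timestamp` and `status`, the helper names, and the sample documents are assumptions constructed for illustration.

```python
from typing import Iterable, Iterator

# Constructed sample: two result pages shaped like Elasticsearch search hits,
# sorted ascending by timestamp. Field names are assumptions for this example.
SAMPLE_PAGES = [
    [
        {"_id": "1", "_source": {"@timestamp": "2024-01-01T00:00:00Z", "status": "enabled"}},
        {"_id": "2", "_source": {"@timestamp": "2024-01-01T01:00:00Z", "status": "enabled"}},
    ],
    [
        {"_id": "3", "_source": {"@timestamp": "2024-01-01T02:00:00Z", "status": "disabled"}},
        {"_id": "4", "_source": {"@timestamp": "2024-01-01T03:00:00Z"}},  # field missing
        {"_id": "5", "_source": {"@timestamp": "2024-01-01T04:00:00Z", "status": "disabled"}},
        {"_id": "6", "_source": {"@timestamp": "2024-01-01T05:00:00Z", "status": "enabled"}},
    ],
]

_UNSET = object()  # sentinel: no value seen yet (distinct from a stored None)


def iter_hits(pages: Iterable[list]) -> Iterator[dict]:
    """Flatten result pages into one stream without loading them all at once."""
    for page in pages:
        yield from page


def detect_changes(hits: Iterable[dict], field: str,
                   time_field: str = "@timestamp") -> Iterator[dict]:
    """Yield one record per hit whose `field` differs from the previous hit's.

    Hits must already be sorted ascending by time. Documents that lack the
    field are skipped and do not reset the remembered value.
    """
    previous = _UNSET
    for hit in hits:
        source = hit["_source"]
        if field not in source:
            continue
        value = source[field]
        if previous is not _UNSET and value != previous:
            yield {"id": hit["_id"], "at": source[time_field],
                   "from": previous, "to": value}
        previous = value


if __name__ == "__main__":
    for change in detect_changes(iter_hits(SAMPLE_PAGES), "status"):
        print(change)
```

Against a real cluster, `SAMPLE_PAGES` would be replaced by the pages returned from a paginated search sorted on the time field.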
