I have a dataset with one field describing status of an instance and another field holding the timestamp when the instance entered its current status.
I need to find the length of time my instances are alive and save this information to a new index or as an entry in existing index.
For eg:
doc1: Instance001: timestamp1: status=started.
doc2: Instance001: timestamp2: status=ready.
doc3: Instance002: timestamp3: status=started.
doc4: Instance003: timestamp4: status=started.
doc5: Instance001: timestamp5: status=failed.
doc6: Instance002: timestamp6: status=ready.
doc7: Instance004: timestamp7: status=started.
doc8: Instance003: timestamp8: status=failed.
doc9: Instance004: timestamp9: status=ready.
I need the following:
Dead Instances:
Instance001: age=timestamp5-timestamp1.
Instance003: age=timestamp8-timestamp4.
Live Instances:
Instance002: age=timestamp6-timestamp3.
Instance004: age=timestamp9-timestamp7.
What is the best possible route to achieve this if all the event data of instances is in the same Index but spread across multiple document entries?
Your timely responses are appreciated.
