Calculate differences between documents in a query

mbby · January 22, 2024, 9:03am

I need to calculate the MTBF of our systems which are monitored using the observatiblity uptime feature of Elasticsearch.

Let's say that I've an index with the following values:
time, system-name, state
10:00, system1, up
10:05, system1, up
10:10, system1, down
10:15, system1, down
10:20, system1, up
10:25, system1, down
10:30, system1, down
10:35, system1, down
10:40, system1, up

How could I count the number of times the state switched from down to up (here: 2).
How could I get the time between two of those state changes (here: 10:35-10:15 = 0:20).

mbby · January 24, 2024, 1:12pm

So one of the questions is: is there a query which calculates difference between consecutive documents. E.g.:
time, spent money
10:00, 100
10:05, 105
10:10, 150

the result should be something like, 105-100=5, 150-105=45

mbby · February 6, 2024, 6:29am

It looks like this is not possible in an Elasticsearch query itself, right?

stephenb · February 6, 2024, 2:55pm

Perhaps

You can do serial differencing in Lens as well.

mbby · February 7, 2024, 7:23am

Thanks Stephen. Found that and tried it. Unfortunately this won't solve my initial problem of getting the distances between two state changes.

system · March 6, 2024, 7:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.