Calculating Chronological Contiguous Document Sequences

Guy_Segev · January 30, 2023, 2:57pm

Hi,
Would appreciate help with the following conundrum:

I have an index with time-series events; here are some document examples:

{ "timestamp": 1,  "status": "running" }
{ "timestamp": 2,  "status": "running" }
{ "timestamp": 3,  "status": "blocked" }
{ "timestamp": 4,  "status": "blocked" }
{ "timestamp": 5  "status": "blocked" }
{ "timestamp": 10,  "status": "blocked" }
{ "timestamp": 11,  "status": "blocked" }
{ "timestamp": 12,  "status": "running" }
{ "timestamp": 13,  "status": "running" }

I need to find sequences of chronologically contiguous documents with the same status, whereby a timestamp gap (no matter it's size) or a different status, closes a bucket and opens a new one in its stead.
An expected output would look like:

{
  "buckets": [
    {
      "start": 1,
      "end": 2,
      "status": "running",
      "count": 2
    },
    {
      "start": 3,
      "end": 5,
      "status": "blocked",
      "count": 3
    },
    {
      "start": 1,
      "end": 2,
      "status": "running"
    },
    {
      "start": 10,
      "end": 11,
      "status": "blocked"
    },
    {
      "start": 12,
      "end": 13,
      "status": "running"
    }
  ]
}

Any help would be greatly appreciated

system · February 27, 2023, 2:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Finding gaps in timestamps in documents Elasticsearch	1	354	August 30, 2018
Finding a sequence of events Elasticsearch	4	719	March 19, 2020
Elasticsearch Query with pattern and time sequence Elasticsearch elastic-stack-machine-learning	4	1358	November 19, 2019
Conditionally aggregating documents in an index? Elasticsearch	12	531	April 6, 2019
Elastic aggregation for timeline of a searched field based on timestamp Elasticsearch	2	405	June 18, 2020

Calculating Chronological Contiguous Document Sequences

Related topics