Hi,
Would appreciate help with the following conundrum:
I have an index with time-series events; here are some document examples:
{ "timestamp": 1, "status": "running" }
{ "timestamp": 2, "status": "running" }
{ "timestamp": 3, "status": "blocked" }
{ "timestamp": 4, "status": "blocked" }
{ "timestamp": 5, "status": "blocked" }
{ "timestamp": 10, "status": "blocked" }
{ "timestamp": 11, "status": "blocked" }
{ "timestamp": 12, "status": "running" }
{ "timestamp": 13, "status": "running" }
I need to find sequences of chronologically contiguous documents with the same status, whereby a timestamp gap (no matter its size) or a different status closes a bucket and opens a new one in its stead.
An expected output would look like:
{
  "buckets": [
    {
      "start": 1,
      "end": 2,
      "status": "running",
      "count": 2
    },
    {
      "start": 3,
      "end": 5,
      "status": "blocked",
      "count": 3
    },
    {
      "start": 1,
      "end": 2,
      "status": "running"
    },
    {
      "start": 10,
      "end": 11,
      "status": "blocked"
    },
    {
      "start": 12,
      "end": 13,
      "status": "running"
    }
  ]
}
Any help would be greatly appreciated
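
The bucketing rule described in the post, as an added client-side example that is not part of the original post: it runs over documents already fetched from the index and is not an Elasticsearch aggregation. The function name `contiguous_buckets` and the `step` parameter (the spacing between two events that counts as "no gap", assumed to be 1 as in the sample) are assumptions.

```python
def contiguous_buckets(docs, step=1):
    """Group events into runs that share a status and have no timestamp gap.

    `step` is an assumption: the largest difference between two consecutive
    timestamps that still counts as contiguous (1 in the post's sample data).
    """
    buckets = []
    # Sort first so the result does not depend on the order hits were returned.
    for doc in sorted(docs, key=lambda d: d["timestamp"]):
        ts, status = doc["timestamp"], doc["status"]
        last = buckets[-1] if buckets else None
        same_status = last is not None and last["status"] == status
        # A repeated timestamp (difference 0) extends the current bucket.
        no_gap = last is not None and ts - last["end"] <= step
        if same_status and no_gap:
            last["end"] = ts
            last["count"] += 1
        else:
            # A status change or a gap of any size closes the previous bucket.
            buckets.append({"start": ts, "end": ts, "status": status, "count": 1})
    return {"buckets": buckets}


# Sample documents copied from the post.
SAMPLE_DOCS = [
    {"timestamp": 1, "status": "running"},
    {"timestamp": 2, "status": "running"},
    {"timestamp": 3, "status": "blocked"},
    {"timestamp": 4, "status": "blocked"},
    {"timestamp": 5, "status": "blocked"},
    {"timestamp": 10, "status": "blocked"},
    {"timestamp": 11, "status": "blocked"},
    {"timestamp": 12, "status": "running"},
    {"timestamp": 13, "status": "running"},
]

if __name__ == "__main__":
    import json
    print(json.dumps(contiguous_buckets(SAMPLE_DOCS), indent=2))
```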