Find sequences in time series data

markdturner · March 11, 2021, 3:24pm

Hi,

I'm trying to find example queries for returning sequences of events in a time series. My dataset is rainfall values at 10-minute intervals, and I want to find all storm events. A storm event would be considered continuous rainfall for more than 12 hours. This would equate to 72 consecutive records with a rainfall value greater than zero. I could do this in code, but to do so I'd have to page through thousands of records so I'm hoping for a query-based solution.

I'm working in a University research group, so any solutions that involve premium tier licences are probably out due to budget.

Thanks!

markdturner · March 12, 2021, 1:43pm

I've discovered EQL is what I need and have this query

GET /rabt-rainfall-*/_eql/search
{
  "timestamp_field": "@timestamp",
  "event_category_field": "type",
  "size": 100,
  "query": """
    sequence
      [ rainfall where `rain-last-10-mins` > 0 ]
      [ rainfall where `rain-last-10-mins` > 0 ]
    until [ rainfall where `rain-last-10-mins` == 0 ]
  """
}

This returns results but only of length 2, I need to adapt it to find arbitrary sequences when the rainfall value is above zero.

Topic		Replies	Views
Elasticsearch Query with pattern and time sequence Elasticsearch elastic-stack-machine-learning	3	1418	October 22, 2019
Aggregate on a sequence item in EQL Elasticsearch	1	373	January 18, 2021
Search for a sequence Elasticsearch	1	642	February 13, 2014
Calculating Chronological Contiguous Document Sequences Elasticsearch	0	196	January 30, 2023
How to do sequence matching Elasticsearch	4	3267	August 23, 2014

Find sequences in time series data

Related topics