Find sequences in time series data

markdturner · March 11, 2021, 3:24pm

Hi,

I'm trying to find example queries for returning sequences of events in a time series. My dataset is rainfall values at 10-minute intervals, and I want to find all storm events. A storm event would be considered continuous rainfall for more than 12 hours. This would equate to 72 consecutive records with a rainfall value greater than zero. I could do this in code, but to do so I'd have to page through thousands of records so I'm hoping for a query-based solution.

I'm working in a University research group, so any solutions that involve premium tier licences are probably out due to budget.

Thanks!

markdturner · March 12, 2021, 1:43pm

I've discovered EQL is what I need and have this query

GET /rabt-rainfall-*/_eql/search
{
  "timestamp_field": "@timestamp",
  "event_category_field": "type",
  "size": 100,
  "query": """
    sequence
      [ rainfall where `rain-last-10-mins` > 0 ]
      [ rainfall where `rain-last-10-mins` > 0 ]
    until [ rainfall where `rain-last-10-mins` == 0 ]
  """
}

This returns results but only of length 2, I need to adapt it to find arbitrary sequences when the rainfall value is above zero.

system · April 9, 2021, 1:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search for a sequence Elasticsearch	2	624	July 6, 2017
How to do sequence matching Elasticsearch	5	3230	July 6, 2017
Elasticsearch Query with pattern and time sequence Elasticsearch elastic-stack-machine-learning	4	1392	November 19, 2019
Search according to document sequence Elasticsearch	1	867	July 6, 2017
Aggregate on a sequence item in EQL Elasticsearch	2	363	January 18, 2021

Find sequences in time series data

Related topics