How to compare and sum docs with different values

Den1 · August 25, 2020, 11:18pm

Hello,

I have docs with such data:
sessionState: Active
statusBoolean: true
statusInt:-1
timeStamp:Aug 26, 2020 @ 02:08:21.522

OR

sessionState: Disconnected
statusBoolean: false
statusInt:1
timeStamp:Aug 26, 2020 @ 02:09:21.522

on time line I can see when status from Active became to Disconnected or from Disc to Act.
But I need to SUM how many user became from Active to Disconnected during some time period.

Maybe I need to do some script field for this, that will compare privies value and if it different mark this and after that sum this marks.

Can you please help me with this?
Thank you.

mattkime · August 26, 2020, 12:12am

Hello @Den

I'd recommend changing the way the data is stored. The query is simple if both events are stored in a single document -

sessionid
activeTimestamp
disconnectedTimestamp

Den1 · August 26, 2020, 1:32am

Sorry, I probably put the question incorrectly.

Every minute I receive information from script. Information looks like
Username:
sessionState:
statusBoolean:
statusInt: <the same if user not idle -1or true if 1 idle>
timeStamp:

In each doc I have string that can be Active or Disconnected.
I need to count how many times Active changed to Disconnected.

for example on picture it was 3 times.

mattkime · August 26, 2020, 1:44am

I think this is the thing I'm having trouble understanding - how does this differ from counting the number of Disconnected values?

Den1 · August 26, 2020, 3:39am

I want to know how many times the value has changed.

The counting the number of disabled records will show the total number of these records, for example, more than 100.

But there will be only a few moments when active becomes non-active.

mattkime · August 26, 2020, 4:22am

The counting the number of disabled records will show the total number of these records, for example, more than 100.

So there might be multiple documents where the user's state is unchanged?

Den1 · August 26, 2020, 4:27am

Yes, everything is correct and it does not change for some time.
Then it changes and when it happens I need to calculate.

mattkime · August 26, 2020, 4:33am

@Den1

You either need to change how you ingest the data or post process the documents.

Here's a discussion around a similar need - Calculation time difference between two document

Den1 · August 26, 2020, 4:44am

Thank you.
I'll take care about this in my script before post data to elastic.

The link that you gave me, I solved this problem by creating a document every minute. Which allowed me to calculate time.

system · September 23, 2020, 4:44am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Session Counter over time Visualisation Kibana	5	449	September 25, 2020
Kibana Aggregation/Search Documents Kibana	3	189	December 25, 2020
Count only sum value of ID on their last date Kibana	7	148	October 5, 2023
Compare fields in two documents? Kibana	2	4255	February 20, 2018
Comparing date/time from two different documents Kibana	9	3348	June 5, 2018

How to compare and sum docs with different values

Related Topics