I am importing data from MySQL using logstash, that contains events with a start and an end date. However, some of these events overlap and, in some conditions, need to be treated as a single event, starting at the start of the earliest overlapping event and ending at the end of the latest overlapping event.
Is there a way to do this (maybe in a separate index, or by tagging the events with a new id that I could then use in scripted fields or simple visualizations) through logstash or es ? I’m thinking scripted fields (that I would then move to logstash) maybe ?
Thanks in advance for all the help you could give, even if you think it’s not exactly what I’m looking for.