Looking for stitching together these into transactions, if User is SAME and Session is SAME..
So the outcome should be TWO transaction pair like below
Pair1
It depends on what you want to do with the transaction - when working with visualizations (which use aggregations), you can use two nested terms aggregations (for user and session) - this will create one bucket per session which you can use to get metrics (like the number of actions or things like this)
this is for watcher, so as to to report on number of users who have logged in and have updated/deleted within same session.
Any example would be great for nested terms aggregations to pair such events
You might want to look at transform, it's useful to create sessions out of events. The result is written to an index, so you can create a watcher for it.
It all depends on what type of analyzes you aim for. If you only have simple requirements like give me the session length for user X, a runtime query will work.
But if you need 2nd order analyzes like average session length over all users in the last month, you need something like transform to store the result of the session creation, so you can query on this.
To dive into this topic I can also recommend this webinar recording.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.