Hi,
I have a fleet of IoT devices that post their status, which can be online or offline, every couple of minutes. My goal is to have a metric that will show a count of all devices that are currently online, and a count for those that are offline. I want it to be dynamic so that if a device comes online it will drop out of the offline metric and go into the online metric.
My document looks like this:
    {
      "state": {
        "reported": {
          "wifistatus": "online",
          "uuid": "1234-1234-1234-0000"
        }
      },
      "shadow": {
        "state": {
          "reported": {
            "wifistatus": "online",
            "uuid": "1234-1234-1234-0000"
          }
        },
        "metadata": {
          "reported": {
            "wifistatus": {
              "timestamp": 1518205770
            },
            "uuid": {
              "timestamp": 1518205770
            }
          }
        },
        "version": 231,
        "timestamp": 1518205770
      }
    }
I am using the field "state.reported.wifistatus" to filter devices that are online.
I have been trying to use shadow.timestamp to find the most recent event (since there could be hundreds of events for a device, I need to find only the last event I received).
A problem I am running into is when a device has been offline for more than a year. I can't use a now-1m type of filter. Is there any way to do this in Kibana? If not, is there a query in Elasticsearch that will help me get this data?
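
Added example, not part of the original post: one way to get each device's latest state without any time-range filter is a `terms` aggregation on the device uuid with a `top_hits` sub-aggregation sorted by `shadow.timestamp`, then a tally of `wifistatus` from the one hit per bucket. The `.keyword` sub-field name, the bucket size of 10000 and the sample events are assumptions constructed for illustration.

```python
from collections import Counter

# Assumption: the uuid is indexed with a keyword sub-field; adjust to your mapping.
UUID_FIELD = "state.reported.uuid.keyword"

def latest_per_device_query(max_devices=10000):
    """Search body with no time filter: one bucket per device, newest event only."""
    newest = {"top_hits": {"size": 1,
                           "sort": [{"shadow.timestamp": {"order": "desc"}}],
                           "_source": ["state.reported.wifistatus"]}}
    devices = {"terms": {"field": UUID_FIELD, "size": max_devices},
               "aggs": {"latest": newest}}
    return {"size": 0, "aggs": {"devices": devices}}

def count_states(response):
    """Tally wifistatus from the single newest hit in each device bucket."""
    counts = Counter()
    for bucket in response["aggregations"]["devices"]["buckets"]:
        source = bucket["latest"]["hits"]["hits"][0]["_source"]
        counts[source["state"]["reported"]["wifistatus"]] += 1
    return dict(counts)

def latest_state_counts(events):
    """The same reduction done locally over raw event documents."""
    newest = {}
    for ev in events:
        uuid = ev["state"]["reported"]["uuid"]
        seen = newest.get(uuid)
        if seen is None or ev["shadow"]["timestamp"] > seen["shadow"]["timestamp"]:
            newest[uuid] = ev
    return dict(Counter(e["state"]["reported"]["wifistatus"] for e in newest.values()))

def sample_event(uuid, status, ts):
    """Constructed sample event in the shape of the posted document."""
    return {"state": {"reported": {"wifistatus": status, "uuid": uuid}},
            "shadow": {"timestamp": ts}}

# Constructed sample data: device ...0001 last reported over a year before the others.
SAMPLE_EVENTS = [
    sample_event("1234-1234-1234-0000", "online", 1518205770),
    sample_event("1234-1234-1234-0000", "offline", 1518205890),
    sample_event("1234-1234-1234-0001", "offline", 1486583370),
    sample_event("1234-1234-1234-0002", "online", 1518205800),
]

if __name__ == "__main__":
    print(latest_state_counts(SAMPLE_EVENTS))
```

Because the search body carries no range filter, a device whose last event is more than a year old still lands in exactly one bucket and is counted by its final reported state.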