Query the list of changes for a keyword field

Elastic Stack Elasticsearch
1

I have a serie of documents like this:

timestamp CAR.keyword ENGINE_SERIAL_NUMBER.keyword
20-02-2017 CAR1 A0001
20-02-2017 CAR2 B0001
21-02-2017 CAR1 A0001
21-02-2017 CAR2 B0001
22-02-2017 CAR1 A0001
22-02-2017 CAR2 B0002
23-02-2017 CAR1 A0001
23-02-2017 CAR2 B0002
24-02-2017 CAR1 A0002
24-02-2017 CAR2 B0002

As you can see,

  1. the 22nd, the ENGINE_SERIAL_NUMBER of CAR2 has changed.
  2. the 24th, the ENGINE_SERIAL_NUMBER of CAR1 has changed.

I'd like to query for those changes. Something to be able to identify:

22-02-2017 CAR2 replaced engine B0001 by B0002
24-02-2017 CAR1 replaced engine A0001 by A0002

Is it possible and how?

2

Do you want I reformulate? maybe it is not clear enough

3

I don't think you can easily.

Apart doing a terms agg on car then a sub terms on engine serial number.

But it's not going to give you the exact result you are expecting.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.