Tracking number of value changes of boolean field in time series

My time series data contains a boolean field, which changes frequently. I want to count the number of changes of said field.

Optimally I would like to create a field containing this number while ingesting, but showing the current count on a Kibana Dashboard suffices.

I came up with the following approaches:

• Calculate a cummulative sum over the boolean field, filter by negative values and output the cardinality of the result.
• Use serial_diff on the boolean field and sum over the result.

However I was not able to construct said queries or find dashboard functionality to represent this behaviour. Help is greatly appreceated.

Dashboards do no expose the ability to derive fields from multiple documents. To show this value in Kibana, you will need to store the value in the document.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.