Transforms - Latest and Pivot

Hello,

I was wondering if it's possible to do something like a combination of latest and pivot or maybe more understanding of what I can do with each.

So use case:
I have a status field (keyword) reported for an object field (keyword) in time series log ingestion. The problem is a status value of "up" might appear in the last 7 days; the status field won't reappear unless an event triggers and reports the value of "down". So I want to be able to show a static or updated index that can show the object, status, and the last value of the timestamp (the time the value was updated). Essentially a health overview of object values.

I did try this with latest, and it did keep the latest value of status; its @timestamp was the last value of timestamp. This doesn't work for me because the overview of all objects and status varied depending on time range.

I want it to be static, so I used a pivot. The pivot did a great job at keeping a static index, but now I can't determine when the values were last updated.

I might be overthinking this, any help would be great!

Hello,

> it's possible to do something like a combination of latest and pivot

Unfortunately, no, you can only choose one type, either latest transform or pivot transform.

> So use case:
> I have status field ...

It is a bit hard to understand your use case from the description. It will be more useful if you could post part of your source data (mask the sensitive information), then tell us what you want it to be transformed to.

> I want it to be static, so I used a pivot. The pivot did a great job at keeping a static index, but now I can't determine when the values were last updated.

Have you checked our Painless examples for pivot transform? You might be able to find some similar case from there.

Thanks.
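
One way to keep a single row per object with its last reported status and the time that status was reported, as an added example that is not part of either post: a pivot transform grouped on `object`, with a `max` aggregation on `@timestamp` and a `top_metrics` aggregation that picks the `status` of the most recent event. The transform id, the index names and the `frequency` and `delay` values are assumptions; the field names `object`, `status` and `@timestamp` are the ones mentioned in the question.

```console
# Added example: transform id, index names, frequency and delay are assumed values.
PUT _transform/object-status-overview
{
  "source": { "index": "status-logs-*" },
  "dest": { "index": "object-status-overview" },
  "frequency": "5m",
  "sync": {
    "time": { "field": "@timestamp", "delay": "60s" }
  },
  "pivot": {
    "group_by": {
      "object": { "terms": { "field": "object" } }
    },
    "aggregations": {
      "last_updated": { "max": { "field": "@timestamp" } },
      "latest": {
        "top_metrics": {
          "metrics": [ { "field": "status" } ],
          "sort": { "@timestamp": "desc" }
        }
      }
    }
  }
}

# Start the continuous transform so the destination index keeps updating.
POST _transform/object-status-overview/_start
```

Because the destination index holds one document per object, a dashboard built on it does not depend on whether the last status event falls inside the selected time range of the source logs.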