Hi, I have a particular service which we triggered occasionally and I would like to know the earliest time of every time it gets kick off for e.g
For e.g following is the data:
| _time |
service |
message |
Host |
| 2022-07-08T05:47:22.029Z |
abc |
calling service 123 |
host123.com |
| 2022-07-08T05:49:17.029Z |
abc |
Talking to service 123 |
host123.com |
2022-10-11T01:00:39.029Z
|
abc |
calling service 123 |
host123.com |
2022-10-11T01:02:46.029Z
|
abc |
Talking to service 123 |
host123.com |
The expected data outcome would be:
| Host |
starting_time |
| host123.com |
2022-07-08T05:47:22.029Z |
| host123.com |
2022-10-11T01:00:39.029Z |
I am aware I have to use streamstats somewhere. But given all the other fields are identical earliest time by host wont work. Also I am backdating the data for 6 months so I need something that is bit efficient. I only care about starting_time of the service of each time the service starts.
