Hi Team,
What I'm trying to achieve: Find the consecutive failure events followed by a success event.
| makeresults | eval _raw="username,result
user1,fail
user2,success
user3,success
user1,fail
user1,fail
user1,success
user2,fail
user3,success
user2,fail
user1,fail"
| multikv forceheader=1
| streamstats count(eval(result="fail")) as fail_counter by username,result reset_after="("result==\"success\"")"
| table username,result,fail_counter
Outcome: The counter (fail_counter) gets reset for a user (say user1) if the next event is a success event for a different user (say, user2).
| username | result | fail_counter | |
| user1 | fail | 1 | |
| user2 | success | 0 | |
| user3 | success | 0 | |
| user1 | fail | 1 | <- counter reset for user1. It should be 2. |
| user1 | fail | 2 | It should be 3. |
| user1 | success | 0 | |
| user2 | fail | 1 | |
| user3 | success | 0 | |
| user2 | fail | 1 | |
| user1 | fail | 1 | |
Expected: The counter should not reset if the success event for user2 follows the failure event for user1.
I would appreciate any help on this. Not sure what I'm missing here.
