I am looking to record a measurement which is taken after the transition from Home state to Diagnostic State, I am calling the state change the keystone event the raw keystone event looks like so: ...
See more...
I am looking to record a measurement which is taken after the transition from Home state to Diagnostic State, I am calling the state change the keystone event the raw keystone event looks like so: {"bootcount":26,"device_id":"X","environment":"prod_walker","event_source":"appliance","event_type":"GENERIC", "location":{"city":"X","country":"X","latitude":X,"longitude":X,"state":"X"},"log_level":"info", "message":"client: GCL internal state { new_state: Diagnostic, old_state: Home, conditions: 65600, error_code: 0}", "model_number":"X1","sequence":274,"serial":"123X","software_version":"2.3.1.7682","ticks":26391,"timestamp":1723254756} my search to find the keystone event looks like: index="june_analytics_logs_prod" message=* new_state: Diagnostic, old_state: Home* NOT message=*counts*| After the keystone event, I would like to take the measurements found in the immediate next 5 events, i will call these the data events. the raw data events look like: {"bootcount":26,"device_id":"x","environment":"prod_walker","event_source":"appliance","event_type":"GENERIC", "location":{"city":"X","country":"X","latitude":X,"longitude":X,"state":"X"},"log_level":"info", "message":"client: fan: 2697, auger: 1275, glow_v: 782, glow: false, fuel: 0, cavity_temp: 209", "model_number":"X1","sequence":280,"serial":"123X","software_version":"2.3.1.7682","ticks":26902,"timestamp":1723254761} I would like to take the first 5 data events directly after the keystone event, extract the glow_v value and take the median of these 5 values as the accepted value. In short, want to build a query to find the time of a keystone event, use this time to find the immediately proceeding data events that match certain criteria, extract the glow_v value from these data events and then take the median of these glow_v values