I am bringing in signal data and counting spikes using the following search:
ekg| head 6000 | table ekg, _time | sort _time | trendline wma200(ekg) as ma | eval spike=if(ekg > 1.75 * ma, 5 , 0)
It works pretty well, but when the data spikes, I get about 4 spikes counted for each rise:
2.702835 2015-02-17T06:37:00.850+0000 1.836020976 0
1.505376 2015-02-17T06:37:00.850+0000 1.832955897 0
3.054741 2015-02-17T06:37:00.851+0000 1.845338754 0
3.387097 2015-02-17T06:37:00.853+0000 1.860977085 5
3.68524 2015-02-17T06:37:00.855+0000 1.8795149 5
3.743891 2015-02-17T06:37:00.856+0000 1.898542445 5
3.782991 2015-02-17T06:37:00.858+0000 1.91784865 5
3.646139 2015-02-17T06:37:00.860+0000 1.935670102 5
3.333333 2015-02-17T06:37:00.861+0000 1.950263797 0
2.917889 2015-02-17T06:37:00.863+0000 1.96063375 0
What I want is a way to only count the first spike and then reset it after a time period (in milliseconds) so that I can accurately count the spikes as only one per rise.
Any ideas?
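The one-count-per-rise logic asked about above, as an added example that is not part of the original post and is written in Python rather than SPL: a spike is counted only on the first sample that crosses the threshold, and further crossings are ignored until a hold-off window has passed. The function name, the `refractory_ms` parameter and its 50 ms default are assumptions; the rows are the ekg, _time and ma values from the sample output in the post.

```python
from datetime import datetime, timedelta

# (ekg, _time, ma) rows copied from the sample output in the post.
SAMPLE = [
    (2.702835, "2015-02-17T06:37:00.850+0000", 1.836020976),
    (1.505376, "2015-02-17T06:37:00.850+0000", 1.832955897),
    (3.054741, "2015-02-17T06:37:00.851+0000", 1.845338754),
    (3.387097, "2015-02-17T06:37:00.853+0000", 1.860977085),
    (3.68524, "2015-02-17T06:37:00.855+0000", 1.8795149),
    (3.743891, "2015-02-17T06:37:00.856+0000", 1.898542445),
    (3.782991, "2015-02-17T06:37:00.858+0000", 1.91784865),
    (3.646139, "2015-02-17T06:37:00.860+0000", 1.935670102),
    (3.333333, "2015-02-17T06:37:00.861+0000", 1.950263797),
    (2.917889, "2015-02-17T06:37:00.863+0000", 1.96063375),
]


def spike_onsets(rows, factor=1.75, refractory_ms=50):
    """Return the _time of the first sample of each rise.

    rows must already be sorted by time, as the search does with `sort _time`.
    A sample is "high" when ekg > factor * ma (the same test as the eval).
    An onset is a low-to-high transition that falls outside the hold-off
    window opened by the previous onset (refractory_ms is an assumed value).
    """
    onsets = []
    prev_high = False
    hold_until = None
    for ekg, ts, ma in rows:
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")
        high = ekg > factor * ma
        armed = hold_until is None or t >= hold_until
        if high and not prev_high and armed:
            onsets.append(ts)
            hold_until = t + timedelta(milliseconds=refractory_ms)
        prev_high = high
    return onsets


if __name__ == "__main__":
    found = spike_onsets(SAMPLE)
    print(len(found), "spike(s):", found)
```

The hold-off window matters when a noisy signal dips below the threshold and re-crosses it within the same rise; with `refractory_ms=0` the function falls back to plain rising-edge detection.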