Hi all, I am using data from 3 different indexes. They contain events which can be attributed to specific transactions through ID. There are multiple transactions and each transaction contains event from multiple indexes. The transaction can look like 1) event from index 1, 2) event from index 2, 3) event from index 1, etc. I would like to get only events for which the transaction starts with A and ends with B or C. I was thinking to use transaction but it would be way too slow to get the events. I was trying to work out with stats but I end up getting all events, not only the events that start with A and end with B or C. The result should be also list of events, i.e. no chart or visualizations. Any ideas? (index=x) OR (index=y) OR (index=z)
| stats list(*) as * by ID Time | fields - a,b,c
... View more