The context is that Splunk is collecting data from a radar device. Basically what it gets is the Latitude, Longitude and Id of nearby objects within an x-meter radius. The events are in JSON format and the following is an example:

{
"Id": 1,
"Latitude": x,
"Longitude": y
}

Splunk must trigger an alert when an object which previously was at position y is now at position z, iff the delta z-y is too big. I know the alert can be triggered if the search result returns at least 1 row, but I don't know how to write this query because it is too complex. Is it possible to make this query? How can I do this? Thank you in advance!
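The detection the question asks for, as an added example that is not part of the original post: keep the last known position per Id, compute the great-circle distance to the new reading, and emit a row whenever that distance exceeds a threshold. In Splunk the same idea maps onto `streamstats ... by Id` (carrying the previous Latitude/Longitude forward) followed by an `eval` of the distance and a `where` on the threshold; the Python below is a stand-alone reference model of that logic, not an SPL search. The sample events, the 500 m threshold and the `find_jumps`/`haversine_m` names are all constructed for this example.

```python
import json
import math

# Constructed sample events, one JSON object per line, as a radar feed might
# deliver them. Id 1 creeps a few tens of metres per reading; Id 2 jumps
# roughly 5.5 km between its first and second reading.
SAMPLE_EVENTS = [
    '{"Id": 1, "Latitude": 45.4642, "Longitude": 9.1900}',
    '{"Id": 2, "Latitude": 45.4700, "Longitude": 9.2000}',
    '{"Id": 1, "Latitude": 45.4645, "Longitude": 9.1905}',
    '{"Id": 2, "Latitude": 45.5200, "Longitude": 9.2000}',
    '{"Id": 1, "Latitude": 45.4648, "Longitude": 9.1910}',
    '{"Id": 3, "Latitude": "n/a", "Longitude": 9.2000}',   # malformed, skipped
]

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def find_jumps(event_lines, max_delta_m):
    """Return one row per event whose distance from the same Id's previous
    position exceeds max_delta_m. Events that cannot be parsed, or that lack
    numeric coordinates, are skipped rather than aborting the scan, so a single
    bad reading cannot suppress alerts for the rest of the feed."""
    last_pos = {}   # Id -> (lat, lon) of the most recent valid reading
    jumps = []
    for index, line in enumerate(event_lines):
        try:
            ev = json.loads(line)
            oid = ev["Id"]
            lat, lon = float(ev["Latitude"]), float(ev["Longitude"])
        except (ValueError, KeyError, TypeError):
            continue
        if oid in last_pos:
            prev_lat, prev_lon = last_pos[oid]
            delta = haversine_m(prev_lat, prev_lon, lat, lon)
            if delta > max_delta_m:
                jumps.append({"Id": oid, "event_index": index, "delta_m": round(delta, 1)})
        last_pos[oid] = (lat, lon)
    return jumps


if __name__ == "__main__":
    # With a 500 m threshold only Id 2's second reading qualifies as a jump.
    for row in find_jumps(SAMPLE_EVENTS, 500.0):
        print(row)
```

The alert condition then reduces to "the search returned at least one row", exactly as the question describes; the threshold should be set from the radar's expected object speed and sampling interval, since a too-small value turns ordinary movement into alerts.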