Say I have an index A which has all the IPs logged during the day. So every event has an IP and the timestamp it was seen.
What I need to find is the count of the occurrence of each IP for the first 15 mins starting from the timestamp of the first occurrence of the IP.
Example: Say I find IP 126.96.36.199 at 10:00, 10:05, 10:12, 10:16, 10:20 and IP 188.8.131.52 at 11:00, 11:05, 11:10, 11:20.
For IP 184.108.40.206 the first occurrence was at 10:00. So in the first 15 mins, which is from 10:00 till 10:15, I get the occurrence count as 3. Occurrences at 10:16 and 10:20 are ignored.
Similarly for IP 220.127.116.11 the first occurrence was at 11:00, so for the first 15 mins, i.e. from 11:00 to 11:15, the occurrence count is 3. The 11:20 occurrence is ignored.
So basically I want a search query which will give me the count of occurrence of each IP for the first 15 mins starting from the first occurrence of each IP.
The search result here would be
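The per-IP computation described in the question, as an added Python example that is not part of the original post or of any search tool's own code: group events by IP, take the earliest timestamp as the first occurrence, and count the events inside the following window. It assumes a half-open window (an event exactly 15 minutes after the first one is excluded) and uses constructed sample events; the window length is a parameter so the same logic works for other intervals.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (ip, timestamp), deliberately not in time order,
# mirroring the question plus one IP whose second event sits exactly on the
# window boundary.
SAMPLE_EVENTS = [
    ("126.96.36.199", "2024-01-01 10:05"),
    ("126.96.36.199", "2024-01-01 10:00"),
    ("126.96.36.199", "2024-01-01 10:12"),
    ("126.96.36.199", "2024-01-01 10:16"),
    ("126.96.36.199", "2024-01-01 10:20"),
    ("188.8.131.52", "2024-01-01 11:00"),
    ("188.8.131.52", "2024-01-01 11:05"),
    ("188.8.131.52", "2024-01-01 11:10"),
    ("188.8.131.52", "2024-01-01 11:20"),
    ("10.0.0.7", "2024-01-01 12:00"),      # constructed boundary case
    ("10.0.0.7", "2024-01-01 12:15"),      # exactly +15 min: excluded
]

TS_FORMAT = "%Y-%m-%d %H:%M"


def first_window_counts(events, window=timedelta(minutes=15)):
    """Return {ip: count} of events seen in [first_seen, first_seen + window).

    `events` is an iterable of (ip, timestamp) pairs; timestamps may be
    datetime objects or strings in TS_FORMAT. Input order does not matter,
    because the first occurrence is taken as the minimum timestamp per IP.
    """
    by_ip = defaultdict(list)
    for ip, ts in events:
        if isinstance(ts, str):
            ts = datetime.strptime(ts, TS_FORMAT)
        by_ip[ip].append(ts)

    counts = {}
    for ip, stamps in by_ip.items():
        first_seen = min(stamps)          # first occurrence of this IP
        window_end = first_seen + window  # half-open upper bound (assumption)
        counts[ip] = sum(1 for t in stamps if first_seen <= t < window_end)
    return counts


if __name__ == "__main__":
    for ip, n in sorted(first_window_counts(SAMPLE_EVENTS).items()):
        print(f"{ip}\t{n}")
```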