Hi all,
I have data from movement sensors. Each sensor sends data when it detects that someone is near the sensor. I would like to count, per hour, the number of sensors that have detected 1 person during that hour, 2 people during that hour, 3 people, and so on. The command that I execute is:
[..] bucket _time span=1h | eventstats count as num_detections by sensor,_time | stats count(sensor) by num_detections | sort num_detections
The outcome is a table like:
num_detections    count(sensor)
1                 600
2                 650
3                 800
...
I get what I want except for the number of sensors that have detected 0 people. This is because I'm counting events, so for the 0 I need to add something that counts the number of sensors that have not registered any detection (that is, counting the non-events). Does anybody have a recommendation for the best way to do it? Should I totally redo my command using another approach?
One of the options I was thinking of is to somehow compute total_num_of_sensors - num_of_sensors_that_have_detected_something. However, how could I include that in the outcome?
Thanks in advance
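The subtraction idea from the post (total sensors minus sensors that detected something), modelled outside Splunk as an added Python example that is not part of the original post. The sensor inventory, the sample events and the function names are constructed for illustration; the zero row can only be computed when a complete list of sensors is available from somewhere other than the events themselves.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data (assumptions, not from the post): the complete
# sensor inventory and raw detection events as (sensor, ISO timestamp).
ALL_SENSORS = {"s1", "s2", "s3", "s4"}
EVENTS = [
    ("s1", "2024-01-01T10:05:00"), ("s1", "2024-01-01T10:40:00"),
    ("s2", "2024-01-01T10:15:00"), ("s1", "2024-01-01T11:02:00"),
    ("s3", "2024-01-01T11:30:00"), ("s3", "2024-01-01T11:31:00"),
    ("s3", "2024-01-01T11:59:00"), ("s4", "2024-01-01T13:10:00"),
]

def hour_bucket(ts):
    """Truncate a timestamp to the start of its hour, like bucket span=1h."""
    return datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)

def detections_histogram(events, all_sensors):
    """Return {hour: {num_detections: sensor_count}} with the 0 row filled in."""
    # One counter entry per (hour, sensor), so each sensor counts once per hour.
    per_sensor_hour = Counter((hour_bucket(ts), s) for s, ts in events)
    unknown = {s for _, s in per_sensor_hour} - set(all_sensors)
    if unknown:
        raise ValueError(f"sensors missing from inventory: {sorted(unknown)}")
    if not per_sensor_hour:
        return {}
    hours = [h for h, _ in per_sensor_hour]
    result, hour = {}, min(hours)
    while hour <= max(hours):  # walk every hour, including fully silent ones
        hist = Counter(n for (h, _), n in per_sensor_hour.items() if h == hour)
        # Non-events: inventory size minus sensors that reported this hour.
        hist[0] = len(all_sensors) - sum(hist.values())
        result[hour] = dict(sorted(hist.items()))
        hour += timedelta(hours=1)
    return result

if __name__ == "__main__":
    for hour, hist in detections_histogram(EVENTS, ALL_SENSORS).items():
        print(hour.isoformat(), hist)
```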