Is it possible to do delta groupby some field? I have an application which is processing data from multiple queues. Each queue has independent ever increment sequence number. I need to find a missing sequence with search. The log format looks like:
2016-11-21 17:15:40,803 queueName=q1, seqid = 12
2016-11-21 17:26:40,803 queueName=q2, seqid = 32
2016-11-21 17:27:40,803 queueName=q3, seqid = 114
2016-11-21 17:44:41,803 queueName=q3, seqid = 113
2016-11-21 17:50:49,803 queueName=q2, seqid = 34
2016-11-21 17:51:40,803 queueName=q2, seqid = 33
2016-11-21 17:53:40,803 queueName=q1, seqid = 13
2016-11-21 17:58:22,803 queueName=q3, seqid = 116
I am using
sort queueName,seqid | delta seqid as seq_diff | search seq_diff > 1 | table queueName,seqid,seqid_diff
But this does not take care of checking diff across queueName. How do I restrict delta by queueName?
... View more