Hello all,
I have a question regarding a calculation for the stock.
My table has three coloums: ISIN, price and timestamp. Every event gives a new price for an arbitrary ISIN. The task is to find out which ISIN has a price change over a given threshold (e.g. 5%) in the last two events for this ISIN.
I want to build an alert if the price change of an ISIN exceeds the threshold in two sequenced events which belong to each ISIN.
I have tried the following command:
sourcetype="stock_data.csv" | top 2 _time by ISIN | stats count by ISIN
But I have no idea how to calculate the two newest prices for one ISIN and to compare it with a given threshold.
Many thanks in advance!
... View more