Hi all,
I want to merge the following sets based on their timestamp.
index=bus sourcetype=bus | table timestamp type x-pos y-pos
The results of this query looks like this:
timestamp type x-pos y-pos
2019-06-17T11:08:42.887+0200 BUS-4 1 1
2019-06-17T11:08:31.878+0200 BUS-4 2 2
2019-06-17T11:08:20.871+0200 BUS-4 3 3
2019-06-17T11:08:09.895+0200 BUS-4 4 4
2019-06-17T11:07:56.903+0200 BUS-4 5 5
..
..
The .csv with which it should be merged looks like this:
START_PERIOD END_PERIOD STATUS
2019-06-17T09:42:41 2019-06-17T12:12:31 OK
2019-06-17T09:17:47 2019-06-17T09:42:41 ERROR
2019-06-17T08:02:14 2019-06-17T09:17:47 OK
..
..
The STATUS of the .csv should be attached when the timestamp of the resultset is between the START_PERIOD and END_PERIOD.
So myy expected results look like this:
timestamp bus x-pos y-pos STATUS
2019-06-17T11:08:42.887+0200 BUS-4 1 1 OK
2019-06-17T11:08:31.878+0200 BUS-4 2 2 OK
2019-06-17T11:08:20.871+0200 BUS-4 3 3 OK
2019-06-17T11:08:09.895+0200 BUS-4 4 4 OK
2019-06-17T11:07:56.903+0200 BUS-4 5 5 OK
..
..
I hope you can help me with this query.
Thanks in advance.
Regards
... View more