We have a monitoring system that posts data to our postgres database in this format:
Our goal is to calculate the time between wa-event-triggered events and wa-event-recovered events, if i have data that looks like this, my query below works just fine.
ts | text-----------------------------+------------------+2021-04-15T18:35:08.000000Z | wa-event-triggered2021-04-15T18:45:08.000000Z | wa-event-recovered2021-04-15T18:50:08.000000Z | wa-event-triggered2021-04-15T18:55:08.000000Z | wa-event-recoveredselect *from (select text, ts, CAST(ts as timestamp) - lag(CAST(ts as timestamp)) over (order by CAST(ts as timestamp)) as increasefrom messageswhere text ~ 'wa-event-') as alertswhere alerts.text ~ 'recovered';This gives me this table which is great!
ts | text | Increase-----------------------------+--------------------+-----------------+ 2021-04-15T18:45:08.000000Z | wa-event-recovered | 00:10:002021-04-15T18:55:08.000000Z | wa-event-recovered | 00:05:00However the data is not always sequential in that our alerting system can post multiple wa-event-triggered events before we finally have a wa-event-recovered event, so how would i get the time difference between the first wa-event-triggered found and the first wa-event-recovered found and ignore all the wa-event-triggered events in between given that there will be hundreds of these triggered/recovered pairs.
ts | text-----------------------------+------------------+2021-04-15T18:35:08.000000Z | wa-event-triggered <- start timer2021-04-15T18:45:08.000000Z | wa-event-triggered2021-04-15T18:55:08.000000Z | wa-event-triggered2021-04-15T18:50:08.000000Z | wa-event-recovered <- end timer2021-04-15T19:00:00.000000Z | wa-event-triggered <- start timer2021-04-15T19:05:08.000000Z | wa-event-triggered2021-04-15T19:10:08.000000Z | wa-event-triggered2021-04-15T19:15:08.000000Z | wa-event-recovered <- end timer2021-04-15T20:05:08.000000Z | wa-event-triggered <- start timer2021-04-15T20:10:08.000000Z | wa-event-triggered2021-04-15T20:15:08.000000Z | wa-event-recovered <- end timerAdvertisement
Answer
You can just include the changed records and use your method:
select *from (select text, ts, ts::timestamp - lag(ts::timestamp) over (order by ts::timestamp) as increase from (select m.*, lag(text) over (order by ts::timestamp) as prev_text from messages m where text ~ 'wa-event-' or alerts.text ~ 'recovered' ) m where text ~ 'wa-event-' and prev_text is distinct from text ) alertswhere alerts.text ~ 'recovered';