I don’t know how to word the question any better, so apologies. I have the following situation. I have an application that keeps track of VM instances and logs changes to their statuses. So, for example assume I have the following records in elasticsearch (fields are timestamp, vm name, and status in that order) within a certain time window:
100 vm_one pending
110 vm_two pending
150 vm_two provisioning
160 vm_three pending
170 vm_two error
180 vm_one provisioning
200 vm_two retrying_provisioning
210 vm_one error
230 vm_three provisioning
240 vm_two running
250 vm_three running
What I want to calculate is the percentage of vms that are in an error status. I know I can easily query to get the number of unique vm names. But what I then want to query for is the latest record for each of the unique vm names and then count the ones that are in an error status. The result of this query would be:
210 vm_one error
240 vm_two running
250 vm_three running
Using this I can then calculate the percentage and set an alert based on the value.
Is something like this possible in grafana when using an elasticsearch data source?