Hello!
Sample data:
| Vehicle | Hour of Day | count | delta(count) |
| car1 | 11 | 5 | -- |
| car1 | 12 | 0 | -5 |
| car1 | 13 | 3 | 3 |
| car2 | 11 | 9 | 6 |
| car2 | 12 | 5 | -4 |
| car3 | 11 | 5 | 0 |
| car3 | 12 | 5 | 0 |
| car3 | 13 | 0 | -5 |
| car3 | 14 | 2 | 2 |
Please notice how delta(count) is calculated even going from a row that says car1 to car2 or car2 to car3. I want to alert when delta(count) is greater than 5, but only if this delta is calculated going from a row that car2 to a similar next row that is also for car2. That is, if the row switches from car1 to car2 and delta is greater than 5, or like in the table, delta is 6, I want to ignore this change and only show rows with deltas greater than 5 that were calculated for the same car, and not between different cars. Is there a way to do this?
I tried to using streamstats/eventstats with the last() function but I'm not sure that I am using it correctly.
For the end product, I need an alert that will fire off when a car has an increase in its count of more than 5.
Thank you so much for any help!!!
