Access Fields From Single Neighboring Event in a Sequence - Example 2
Access fields from a single neighboring (succeeding) event in a sequence using the neighbor() function
Query
head()
| neighbor(key, prefix=succ, direction=succeeding)Introduction
The neighbor() function can be used to look at data
from nearby events in a defined sequence. The
neighbor() function can be used to compare an event
with events that came before or after it, to identify patterns in a data
sequence and to analyze how data changes from one event to the next.
In this example, the neighbor() function is used to
look at the succeeding event; the one just after the current event as no
distance is specified.
Note that the neighbor() function must be used
after an aggregator function to ensure event ordering.
Example incoming data might look like this:
| key |
|---|
| a |
| a |
| b |
| c |
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0{{Aggregate}} 1{{Aggregate}} result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
head()Selects the oldest events ordered by time.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0{{Aggregate}} 1{{Aggregate}} result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
| neighbor(key, prefix=succ, direction=succeeding)For each event, looks at the event immediately after it, and returns the results in a field named succ.key.
Event Result set.
Summary and Results
The query is used to access fields from a single neighboring event in a sequence, retrieving fields from either a preceding or succeeding event at a specified distance (number of events) from the current event.
Sample output from the incoming example data:
| key | succ.key |
|---|---|
| a | a |
| a | b |
| b | c |
| c | <no value> |
The query is useful for comparing event values or detecting patterns in sequential data.