I have been struggling with this for a few months and I haven't found a good way to do it. I'm passing events to Logstash corresponding to transactions; each transaction is composed of n events, and I have to calculate the time between each event of that transaction. Multiple events of different transactions can appear at the same time. At this moment I had to create my own filter plugin to do it, and I'm calculating the time well, but the problem is that I don't have any way to determine which event is the last one in order to delete it from memory, and adding an 'end' and 'start' field is impossible for me due to other business stuff. Also, I'm not an expert in Ruby, so this has been somewhat difficult for me to do.
So, my question is: Is there an easier way to do this? I already tried the elapsed and aggregate filters, but didn't find a way to make them work as I need.