Calculate time difference between 2 events with unique id

yago82 · December 16, 2022, 8:40am

Hi,

I have two events with same field idRda like the following, I need to calculate the difference between the timestamp

"message": "2022-12-13 14:52:00.399 {[ACTIVE] ExecuteThread: 5 for queue: weblogic.kernel.Default (self-tuning)} INFO idRda:[4040477] timestamp:[1670939520399]",
"message": "2022-12-13 14:52:06.203 {[ACTIVE] ExecuteThread: 12 for queue: weblogic.kernel.Default (self-tuning)} INFO idRda:[4040477] timestamp:[1670939526203]",

I try to use aggregate filter but for the moment it doesn't work.

filter {

  aggregate {
    task_id => "%{idreport}"
    code => '
    map["firstEvent"] ||=  event.get("timestamp")
    map["lastEvent"] =  event.get("timestamp")'
    timeout_code => '
    require "time"
    starttime = Time.iso8601(event.get("firstEvent").to_s).to_f
    endtime   = Time.iso8601(event.get("lastEvent").to_s).to_f
    event.set("overallTime", endtime - starttime)'
  }
}

Thank you
Regards.

Badger · December 16, 2022, 5:48pm

Unless you are setting push_map_as_event_on_timeout the event will not have those fields.

system · January 13, 2023, 5:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Find time difference between series of events with uniqueid Logstash	6	1125	January 7, 2021
Combining two events in one to calculate time difference Logstash	3	2107	January 13, 2022
Calculate time between different events with same ID Logstash	1	298	May 31, 2020
Upsert a document with unique id but same fields and different values Logstash	1	180	January 13, 2023
Finding time difference between two events with in a single batch of logstash Elasticsearch	6	1009	October 7, 2019

Calculate time difference between 2 events with unique id

Related Topics