Calculate Unix timestamp difference in Kibana

Hi all,
I need help with a new scripted field to calculate a Unix timestamp difference in Kibana as a Metric.

stop_timestamp :
start_timestamp :
output: hh:mm:ss:SS:SS
1 = 1 Nanosecond
1000 = 1 Microsecond
1000000 = 1 Millisecond
1000000000 = 1 second

I am using Kibana 7.17.

Have you tried:

doc['stop_timestamp'].value - doc['start_timestamp'].value

Thanks for your reply. As my requirement supports Unix timestamps, I tried:

def inc_factor;

if (doc['timeline_increment_factor'].value) {
    inc_factor = (doc['timeline_increment_factor'].value);
} else {
    inc_factor = 1;
}
if (doc['duration'].value) {
    return Math.floor(((doc['duration'].value) * inc_factor) / 1000000000);
}
return 0;

Error:

org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:100)",
            "org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:28)",
            "if(doc['timeline_increment_factor'].value){\r\n ",
            "       ^---- HERE"

Is the extra complexity you're adding intended to solve a special thing needed for Unix timestamps? I am not following what "timeline increment factor" has to do with calculating a difference of Unix timestamps.

A Unix timestamp is just one way of formatting a date, the value being the number of seconds since January 1, 1970 - aka the Unix epoch. You said you have start and stop timestamp fields, which are mapped in Elasticsearch as date or some numeric representation of the number of seconds since the Unix epoch. Either way, I think my example should suffice for your use case. If you have two different fields that are a number of seconds, they are relatable, and if you need their difference you can subtract one from the other.

Could you give a real example of what your document fields and values look like, and what mappings you have?

From the document, the idea is to get the value in 'seconds', sum (add) all the documents, and convert the final value into hh:mm:ss:SS.

Example:
"stop_timestamp": 1629098169,
"start_timestamp": 1629095674,
"timeline_increment_factor": 1000000000 (the timeline factor varies by document; it can be nano, milli, micro and second)
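
As an added example (not code posted by anyone in this thread), here is a Painless scripted field of type number that returns each document's duration in whole seconds, so that a Sum metric can add the values across documents. It checks that each field exists before reading it, since the posted stack trace ends in the doc lookup. It assumes the three fields are mapped as numeric rather than date, and that timeline_increment_factor is the number of nanoseconds per timestamp unit, following the unit table in the first post.

```painless
// Added example: Kibana scripted field (type: number, language: painless).
// Assumes start_timestamp, stop_timestamp and timeline_increment_factor are
// mapped as numeric fields (not date), as in the sample document above.

// doc['x'] throws when x is not in the index mapping, and .value throws when
// this document has no value for x, so test both before reading.
if (!doc.containsKey('start_timestamp') || doc['start_timestamp'].size() == 0) {
  return 0L;
}
if (!doc.containsKey('stop_timestamp') || doc['stop_timestamp'].size() == 0) {
  return 0L;
}

// Assumption: the factor is nanoseconds per timestamp unit
// (1 = ns, 1000 = us, 1000000 = ms, 1000000000 = s).
// Defaults to 1 when absent, as in the script posted above.
long factor = 1L;
if (doc.containsKey('timeline_increment_factor')
    && doc['timeline_increment_factor'].size() != 0) {
  factor = (long) doc['timeline_increment_factor'].value;
}

long delta = (long) doc['stop_timestamp'].value
           - (long) doc['start_timestamp'].value;

// Reject reversed timestamps and non-positive factors, and refuse inputs
// whose product would overflow a long in the multiplication below.
if (delta < 0 || factor <= 0 || delta > Long.MAX_VALUE / factor) {
  return 0L;
}

// Normalize to nanoseconds, then truncate to whole seconds.
return (delta * factor) / 1000000000L;
```

The field stays numeric on purpose: a value already formatted as hh:mm:ss would be a string and could not be summed, so the formatting has to happen after the aggregation.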
