Calculated fields

derekmizak · May 8, 2020, 4:29pm

Hi,

I have a log which looks more less like this:

23/03/2020 8:15, mary, pc1154, SessionStarted, SessionID 1, Tools3
23/03/2020 9:00, john, pc2345, SessionStarted, SessionID 2, Apps1
23/03/2020 9:10, SessionID 1, SessionTerminated
23/03/2020 9:30, SessionID 2, SessionTerminated

I want to produce a report which would show duration of each session in the following form:

username,   ClientMachineName,  DeliveryGroup,  SessionStartTime,   SessionEndTime,   SessionDuration
john,       pc2345,             Apps1,           23/03/2020 9:00,   23/03/2020 9:10,  0:10
mary,       pc1154,             Tools3,          23/03/2020 8:15,   23/03/2020 9:30   1:15

I can use python to manipulate it outside Elastic, produce new document like in the second log and and index it back in.
However, Do you know if there is any solution to do such a transformation natively in Elastic/Kibana?

jsanz · May 8, 2020, 4:41pm

Hi @derekmizak, have you checked Transformations? This mechanism is exactly meant to produce derivative indexes that pivot your datasets to produce updated metrics.

derekmizak · May 8, 2020, 7:18pm

Hi, @jsanz - thank you a lot - it is exactly what I was looking for. Once I am bit wiz in Transforms I will post some here as a sample. Thank you.

system · June 5, 2020, 7:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.