Calculating duration between two documents in Elasticsearch

tarp · July 12, 2017, 6:19pm

Hi,

I'm collecting logs from an application recording the start time. Then another record is signifying the end time. Both records have to match on DeviceId and a CorrelationId. I'm using an ingest pipeline to process the logs. When the log line is processed that is the end time, I want to query ES and get the starttime and calculate the difference, and add a field for it.
I'm at a loss on how and if this can be done in pipelines in Elasticsearch.
I saw something similar via Logstash, but I'm trying to avoid Logstash and just do this in Elasticsearch.

Any ideas?
Thanks,
Tim

Mark_Harwood · July 12, 2017, 8:53pm

Use an entity centric index - see https://youtu.be/yBf7oeJKH2Y

The comments include a link to example data and scripts

system · August 9, 2017, 8:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Mark_Harwood · June 20, 2018, 10:22am

No they don't because I expect they are awaiting a review which is why only I can see them.

I've just updated the scripts to work with elasticsearch 6.3 and this is the link

Topic		Replies	Views
ElasticSearch Transform Find Time Difference across documents Elasticsearch	2	511	August 25, 2020
Comparing date/time from two different documents Kibana	9	3355	June 5, 2018
Time between two timestamps in different files Elasticsearch	6	696	October 12, 2020
Add a time field in elasticsearch and calculate time between two event Logstash docker	4	380	June 28, 2022
Calculate time difference between two different record timestamps Elasticsearch	3	3034	July 18, 2018

Calculating duration between two documents in Elasticsearch

Related topics