I am collecting log data and putting it into Elasticsearch. Each document has 4 columns containing timestamp, key (not unique), Interface and Message. I need to calculate the time difference between two rows with the same value in the key column for a particular interface column value containing a specific message. Is there a way I can do this and visualize it in Kibana? Finally, I want a visualization which shows the calculated time difference on one axis and the unique set of keys on another. Please help me out here.
There are a number of threads on this from others asking the same thing; try a search and see what works for you.
If you can, please suggest a link. That would be helpful. Thanks for the quick response.
It seems one cannot build logic across columns of 2 different documents in Kibana; rather, one can use Scripted fields to build logic on different columns, but for the same document. Is that right? How can I perform calculations on columns of two different documents?
This seems to be the only solution.