Compare data from multiple rows

Is it possible in Kibana scripted fields to compare data from multiple rows?

I have two search results

1. message = "abs" timestamp="hh.mm.ss" source="xyz"
2. message = "bsa" timestamp="hh.mm.ss" source="xyz"

The source is the same, but the messages and timestamps are different. I would like to show the time difference between these two timestamps when these messages were generated.

I have tried using the Painless scripting language, but I am not sure how I can merge inputs from multiple rows.

I have multiple use cases similar to this where I have to fetch data from multiple rows, do some logical operations, and finally show a status like "Pass" or "fail" on each row. Please help.

These fields have to be later shown on visualizations.

No, you can only compare values inside the same document.
Have a look at the Logstash Aggregate filter plugin.
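
An added example, not part of the original replies: a Logstash filter section using the Aggregate filter plugin named above to write the time difference onto the second event, so that it becomes an ordinary field of one document. It assumes the `message` and `source` fields from the question and that `@timestamp` holds the event time; the field names `elapsed_seconds` and `status`, the 60-second threshold and the 300-second timeout are hypothetical.

```logstash
filter {
  # First message for a source: remember when it arrived.
  # The in-memory map is keyed by the "source" field.
  if [message] == "abs" {
    aggregate {
      task_id    => "%{source}"
      map_action => "create"
      # Assumed: drop the pending map if no "bsa" arrives within 300 s.
      timeout    => 300
      code       => "map['start'] = event.get('@timestamp').to_f"
    }
  }

  # Second message for the same source: compute the difference and
  # store it on this event. "update" skips the code if no map exists,
  # i.e. if no "abs" was seen for this source.
  if [message] == "bsa" {
    aggregate {
      task_id     => "%{source}"
      map_action  => "update"
      end_of_task => true
      code        => "
        elapsed = event.get('@timestamp').to_f - map['start']
        event.set('elapsed_seconds', elapsed)
        # Hypothetical rule: Pass if both messages arrived within 60 s.
        event.set('status', elapsed <= 60 ? 'Pass' : 'Fail')
      "
    }
  }
}
```

The Aggregate filter keeps its maps in memory and needs events for one `source` to arrive in order, so the pipeline has to run with a single worker (`-w 1`).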

It depends on the context. You can do this in:

I would also recommend that if you are doing this kind of analysis frequently, you should reindex this data in a way that is more suited to this kind of query. This might be using either:

So there is no way to calculate the time difference?
