Compare fields in two documents?

Hello, In this topic, Get time elapsed between two different documents (now locked), it is indicated that Scripted Fields can help with this. However, elsewhere I've seen it mentioned that scripted fields only allow field comparisons between fields within the same document.

Can someone please clarify if this is possible? If not, any recommendations that would allow this?

One thought I had was to create a new document which contained the relevant fields from the earlier documents, any thoughts or recommendations for doing so?

Use case:
Document 1: Application started, user id, session id, timestamp this occured
Document 2: Application exited, user id, session id, timestamp this occured
Objective: Calculate time between these documents, later create graphs to look at average session duration, etc.

Thank you!

Scripted fields can only calculate data WITHIN one document. You CANNOT calculate data across multiple documents.

To achieve writing that diff, you will need to measure it before indexing the documents, so that you write the time diff to the ending document.

In Logstash e.g. the elapsed plugin can achieve that.

Cheers,
Tim

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.