Compare fields in two documents?

kyle1441 · January 22, 2018, 10:49pm

Hello, In this topic, Get time elapsed between two different documents (now locked), it is indicated that Scripted Fields can help with this. However, elsewhere I've seen it mentioned that scripted fields only allow field comparisons between fields within the same document.

Can someone please clarify if this is possible? If not, any recommendations that would allow this?

One thought I had was to create a new document which contained the relevant fields from the earlier documents, any thoughts or recommendations for doing so?

Use case:
Document 1: Application started, user id, session id, timestamp this occured
Document 2: Application exited, user id, session id, timestamp this occured
Objective: Calculate time between these documents, later create graphs to look at average session duration, etc.

Thank you!

timroes · January 23, 2018, 10:00am

Scripted fields can only calculate data WITHIN one document. You CANNOT calculate data across multiple documents.

To achieve writing that diff, you will need to measure it before indexing the documents, so that you write the time diff to the ending document.

In Logstash e.g. the elapsed plugin can achieve that.

Cheers,
Tim

system · February 20, 2018, 10:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Calculation time difference between two document Kibana	5	4869	April 29, 2019
Time difference between two timestamps separated by a unique ID using scripted fields Kibana	2	829	June 8, 2020
Calculating a scripted field Kibana	2	327	September 3, 2018
How to calculate timestamp difference using Kibana scripted field feature? Kibana kql-kibana-query-language	2	2190	October 8, 2020
Get time elapsed between two different documents Kibana	5	4896	July 6, 2017

Compare fields in two documents?

Related topics