Compare fields in two documents?

kyle1441 · January 22, 2018, 10:49pm

Hello, In this topic, Get time elapsed between two different documents (now locked), it is indicated that Scripted Fields can help with this. However, elsewhere I've seen it mentioned that scripted fields only allow field comparisons between fields within the same document.

Can someone please clarify if this is possible? If not, any recommendations that would allow this?

One thought I had was to create a new document which contained the relevant fields from the earlier documents, any thoughts or recommendations for doing so?

Use case:
Document 1: Application started, user id, session id, timestamp this occured
Document 2: Application exited, user id, session id, timestamp this occured
Objective: Calculate time between these documents, later create graphs to look at average session duration, etc.

Thank you!

timroes · January 23, 2018, 10:00am

Scripted fields can only calculate data WITHIN one document. You CANNOT calculate data across multiple documents.

To achieve writing that diff, you will need to measure it before indexing the documents, so that you write the time diff to the ending document.

In Logstash e.g. the elapsed plugin can achieve that.

Cheers,
Tim

system · February 20, 2018, 10:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Calculation time difference between two document Kibana	5	4860	April 29, 2019
Compare two fields with different documents Logstash	6	649	September 2, 2022
Time Difference between two logs Kibana	7	1409	October 7, 2022
Help with scripted fields Kibana	3	346	November 12, 2018
Is it possible to create a document using the data from two already indexed documents? Kibana	2	297	May 3, 2019

Compare fields in two documents?

Related Topics