HI ,
I have two grok patterns that has one common field , and there is timestamp field associated with these grok patterns .
Am able to make a mapping of common field wih their respective timestamps.
But not able to do like
if [common filed in grok 1] == [common filed in grok 2]
{ruby { code => "event.set('[response]', (event.get('[time stamp in grok2]').to_f1000)-(event.get('[timestamp in grok 1]').to_f1000))" }
}
Kindly help plzz.