Hi all,
So I am visualising (using Kibana) some NetFlow data stored in my Elasticsearch instance.
My interest is on two date fields : netflow.first_switched and netflow.last_switched et I aim to plot the actual throughput in my network (Timelion).
Is there any way to perform a substract operation between these 2 date fields ? in Kibana or Elasticsearch.
Thank you for your answers
Dates are stored as milliseconds since epoch, so it is simple subtraction to get the duration of the flow in milliseconds.
However that isn't really the best way to calculate rates in Kibana. I recommend you take a look at ElastiFlow (https://github.com/robcowart/elastiflow) and see how it does it using calculations with TSVB.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.