Duration of several events

Elastic Stack Elasticsearch
1

After Logstash I have the following data in Elastic:

EVENTTIME OPERATION MSGID
20-06-20 05:09:46 Input 889780ef
20-06-20 05:09:47 Casche 889780ef
20-06-20 05:09:48 Transform 889780ef
20-06-20 05:09:51 Output 889780ef
20-06-20 06:11:48 Input 932c03a5
20-06-20 06:11:54 Transform 932c03a5
20-06-20 06:11:55 Output 932c03a5

On a Kibanа dashboard I want to get the duration for each MSGID:

MSGID DURATION
889780ef 00:05
932c03a5 00:07

By DURATION I mean the difference between Input and Output operations.

Tell me please, how to better implement this?

2

You can use transform to create a entity centric view on your index.

An example for duration can be found here.

1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.