Hi Everyone !
I'm new to elastic and kibana and I have some troubles with duration time between log event.
I have 2 logs that i get via SNMP Trap :
referenceNumber : 123456
alarmType: 2
@timestamp : 2023-04-11T09:00:00.091Z
referenceNumber : 123456
alarmType: 3
@timestamp : 2023-04-11T09:00:45.091Z
Those logs represent event from other software.
alarmType:2 start event
alarmType:3 end event
I need to calculate the time of that event. Is that possible ?
Hello @justme123
THis is not possible with only Kibana I think. A requirement would be to somehow add event.duration at ingest time. For example in Logstash you can add an elasticsearch filter with which you could theoreticaloly query Elasticsearch for a doc with the same ReferenceNumber (if this is a usable number of course). Then you calculate the difference between the currently ingested @timestamp and the @timestamp of the doc you would get from your query.
Grtz
Willem
I wonder if Elpased plugin could solve my problem
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.