Elapsed time between starting log line ending log in a log file

Hi iam new to logstash i need to find out the elapsed time between starting event date to ending event date in log file ,i dont have any unique ids for starting event and ending events
so how to achive this with logstash...
I have the data like this.

OnInformation {AB844DE7-6F18-49F0-911C-F2EB7D40F213},{297195D1-92CD-499C-98DA-403782728781},23-07-2019 10:45:47 AM,23-07-2019 10:45:47 AM,1074016264,0x,Post Execute phase is beginning.

OnProgress {92CAF720-F66F-4D50-8A9B-0E0D2C4C329F},{297195D1-92CD-499C-98DA-403782728781},23-07-2019 10:45:47 AM,23-07-2019 10:45:47 AM,0,0x,Post Execute

OnPipelinePreComponentCall {92CAF720-F66F-4D50-8A9B-0E0D2C4C329F},{297195D1-92CD-499C-98DA-403782728781},23-07-2019 10:45:47 AM,23-07-2019 10:45:47 AM,0,0x,Data flow engine will call a component method. : 2 : Customer : PostExecute

OnInformation {92CAF720-F66F-4D50-8A9B-0E0D2C4C329F},{297195D1-92CD-499C-98DA-403782728781},23-07-2019 10:45:47 AM,23-07-2019 10:45:47 AM,1075876061,0x,The processing of file has ended.

i need to find out elapsed time between starting log line to ending log line.

thanks advance

You can use the aggregate filter for this Here is a starter tutorial

You will need a single worker as all events need to be processed in-order.

It looks like your task_id is the field with this data 297195D1-92CD-499C-98DA-403782728781.

Is the integer before the 0x value a timestamp?

Your start condition could be if [task_message] == "Post Execute phase is beginning" (does a full stop terminate the string in the actual data?).

Hi guyboertje,

Thanks for your response
I think Elapsed time filter also did the same job correct?.
Iam using Elapsed time filter for finding the job elapsed time from starting event to ending event.
Thanks
Madhu Sekar Akula

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.