I am using an elapsed time plugin, as per the documentation the elapsed-time is calculated in seconds. I am calculating the values on a unique field basis "seq". Here is what i am getting, In the snapshot the second event is the start event and first one is the end event which contains the elapsed-time value. but looking at the time stamps the calculated values doesn't seem correct.
both timestamps are same except the ms part.
ms is 221 in the end event and 193 in the start event which should be 0.028 sec and 28 ms but the elapsed time field is showing "1,027,052" which is very wrong. Can you please help understanding it?
I realized that this problem is happening because of loading the offline logs.
I need to work with offline logs. and since elapsed filter uses @timestamp to calculate the "elapsed_time" field so it is not working as expected.
@Badger Is there anyway to tell elapsed filter to use custom field like i have log_timestamp to calculate the "elapsed_field" and assign the same to the "elapsed_time_start" instead of using @timestamp.
Following is the snap shot indicates the time difference between actual log time and the load time and calculated values of the elapsed_time.
I don't know if we can replace the value of @timestamp using mutate filter by the log_timestamp. If we can do this then i think it will be resolved.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
