Good day!
I am new to elastic and I'm wondering if any other users can help me with my problem. I am having a trouble computing the event.start and event.start (last value) of a certain process on my logs. I am planning to add a runtime field to the data view. I can get the value of my event.start but I dont know the code for the event.start last value. If there are any other way to solve this problem, I'll gladly appreciate. Thank you
Hi, I assume by "event.start last value," you mean a value of the event.start field that exists in the document with the most recent timestamp.
Unfortunately, runtime fields only work across fields of a single document. If you need a calculation that involves awareness of an external document, you'll need to get that in a query and capture that value.
Which application are you using for your processing? This kind of calculation can be done in Canvas, with the essql and var_set functions:
https://www.elastic.co/guide/en/kibana/current/canvas-function-reference.html#essql_fn
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.