Group by timestamp proximity

Tomas_Law · January 12, 2018, 4:45pm

Hello,

I have several logs with a timestamp field and I want them to group by similar timestamps.

For example, group all the logs with timestamps that are spaced less than 30min between each log.

What I want is similar to the date histogram aggregation but I don't want a pre-defined time interval.

I DON'T WANT to group all the logs that exist in a 30min period.
I WANT to group a log (Log1) with another log (Log2) that exists within 30min from the first one. That is, timestampLog2-timestampLog1 < 30min.
Then, group a log (Log3) that exists within 30min from the last one (Log2). That is, timestampLog3-timestampLog2 < 30min.

Is there anyway to do this? Even if I have to do this in separate queries (for eg. getting the ranges first and grouping after).

Thanks

Brandon_Kobel · January 12, 2018, 5:55pm

Hey @Tomas_Law there isn't a way to do this currently with an Elastisearch query where you'd have dynamic buckets, so there isn't a way to do this via Kibana.

Perhaps you could modify the way you're ingesting your data to write these "groups" in the documents so that you can use them within Kibana?

system · February 9, 2018, 5:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Use timestamp from previous log line Kibana	4	879	February 9, 2018
Nested querying like SQL Kibana	3	483	February 9, 2018
Kibana Transforms Kibana transforms	4	349	January 18, 2023
Aggregate by time only Kibana	2	170	February 27, 2024
Query to find multiple docs with timestamp field within specified timerange Kibana kql-kibana-query-language	2	263	July 18, 2021

Group by timestamp proximity

Related topics