Group by timestamp proximity

Tomas_Law · January 12, 2018, 4:45pm

Hello,

I have several logs with a timestamp field and I want them to group by similar timestamps.

For example, group all the logs with timestamps that are spaced less than 30min between each log.

What I want is similar to the date histogram aggregation but I don't want a pre-defined time interval.

I DON'T WANT to group all the logs that exist in a 30min period.
I WANT to group a log (Log1) with another log (Log2) that exists within 30min from the first one. That is, timestampLog2-timestampLog1 < 30min.
Then, group a log (Log3) that exists within 30min from the last one (Log2). That is, timestampLog3-timestampLog2 < 30min.

Is there anyway to do this? Even if I have to do this in separate queries (for eg. getting the ranges first and grouping after).

Thanks

Brandon_Kobel · January 12, 2018, 5:55pm

Hey @Tomas_Law there isn't a way to do this currently with an Elastisearch query where you'd have dynamic buckets, so there isn't a way to do this via Kibana.

Perhaps you could modify the way you're ingesting your data to write these "groups" in the documents so that you can use them within Kibana?

system · February 9, 2018, 5:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Aggregate by time only Kibana	2	169	February 27, 2024
How to aggregate multiple events coming from different logs with slight different timestamp, when the only field is timestamp to combine those? Logstash elastic-stack-machine-learning	11	1912	December 3, 2021
Logstash aggregate field and increase count Logstash	4	1445	August 20, 2021
Canvas Chart Area using count/sum and Timestamp Kibana canvas	4	111	July 5, 2024
Hourly displaying of data Kibana	11	4271	August 13, 2021

Group by timestamp proximity

Related Topics