I'm adding logs to Elasticsearch from multiple services (httpd, PHP, back-end servers, etc.) that are all used during a request. To tie them together, I have httpd generate a unique ID per request, and pass it to all other services, which include it in their logs. This lets me search in Kibana for a particular request ID, and get all logs related to it.
Now I'd like to do something more complex. I'd like to see how long each request is taking, and where it spends its time. I'm thinking of a graph with a bar for each request (representing the total time), with the bar broken down into a segment for each service (representing the time it spent in that service). It would also be nice to calculate average times, both for requests and services.
I can log each of these times individually, but how do I tie them together in an Elasticsearch query? I looked at aggregations, but I could use some help understanding what kind of query to make. Or is this not something Elasticsearch is designed to do?
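An added example, not part of the original post: a nested `terms`/`sum` aggregation body that groups timing logs by request ID and then by service, plus a local function that computes the same breakdown over constructed documents so the expected bucket values can be checked offline. The field names `request_id`, `service` and `duration_ms` are assumptions, as is each service logging only its own (non-overlapping) time once per request.

```python
from collections import defaultdict

# Assumed field names (not from the post): request_id, service, duration_ms.
# request_id and service are assumed to be mapped as keyword fields.
AGG_QUERY = {
    "size": 0,  # only aggregation results are needed, no hits
    "aggs": {
        "per_request": {  # one bucket (bar) per request ID
            "terms": {"field": "request_id", "size": 100},
            "aggs": {
                "total_ms": {"sum": {"field": "duration_ms"}},
                "per_service": {  # one segment per service inside the bar
                    "terms": {"field": "service"},
                    "aggs": {"ms": {"sum": {"field": "duration_ms"}}},
                },
            },
        },
        # Pipeline aggregation: mean of the per-request totals.
        "avg_request_ms": {"avg_bucket": {"buckets_path": "per_request>total_ms"}},
        "avg_by_service": {
            "terms": {"field": "service"},
            "aggs": {"avg_ms": {"avg": {"field": "duration_ms"}}},
        },
    },
}

# Constructed sample documents, one per service per request.
SAMPLE_DOCS = [
    {"request_id": "req-1", "service": "httpd", "duration_ms": 5},
    {"request_id": "req-1", "service": "php", "duration_ms": 40},
    {"request_id": "req-1", "service": "backend", "duration_ms": 120},
    {"request_id": "req-2", "service": "httpd", "duration_ms": 7},
    {"request_id": "req-2", "service": "php", "duration_ms": 20},
    {"request_id": "req-2", "service": "backend", "duration_ms": 60},
]

def breakdown(docs):
    """Compute locally what AGG_QUERY asks Elasticsearch to compute."""
    per_request = defaultdict(lambda: defaultdict(int))
    by_service = defaultdict(list)
    for d in docs:
        per_request[d["request_id"]][d["service"]] += d["duration_ms"]
        by_service[d["service"]].append(d["duration_ms"])
    requests = {r: {"total_ms": sum(s.values()), "services": dict(s)}
                for r, s in per_request.items()}
    avg_request = sum(r["total_ms"] for r in requests.values()) / len(requests)
    avg_service = {s: sum(v) / len(v) for s, v in by_service.items()}
    return requests, avg_request, avg_service
```

If httpd's logged time includes the time spent waiting on PHP and the back end, summing the three would double-count; in that case the total should come from the httpd document alone.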