In my JSON I have two fields of type date: @timestamp and ls-timestamp
Let's say that I have the following in my JSON document in ES:
@timestamp in Kibana Discover mode prints this string: March 22nd 2018, 21:54:08.794
ls-timestamp in Kibana Discover mode prints this string: March 22nd 2018, 21:54:08.886
My goal is to compute a lag from when the application generated the log line (converted to @timestamp) and when LogStash actually processed the log-line (ls-timestamp).
A subtraction given the data above would give me 992 milliseconds or .992 seconds.
I tried to do a calculation, but you have to have agg to calculate on.
Then I tried to get a series with max of @timestamp, but date is not a number type -- so no max.
And even if I could use max on @timestamp, calculation would also require @timestamp to be a number AFAICT.
Any pointers are much appreciated.
Hi @iamthealex,
I'm thinking you can make a scripted field to convert the date to a number, then use that in the Visual Builder.
See this post for more information: [scripted field] convert String date to timestamp
Thanks for responding, Chris, but converting date to number is exactly what I need and don't know how to do.
I looked at the link you posted, and it talks about converting string to Date, but I don't see how to convert date to number.
Hi,
https://www.elastic.co/guide/en/elasticsearch/reference/5.0/modules-scripting-expression.html#_date_field_api lists doc['field_name'].date.secondOfDay as something you can do. You can convert both to that measurement and compare.
Okay, I guess I can do that and if I get a negative number (because the first timestamp is end of day N and second is beginning of day N+1), then I can "fix it".
doc['field_name'].date.epochMillis would be a lot easier though.
Thank you.
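
The two approaches discussed in the thread, second-of-day with a midnight correction versus an epoch-milliseconds difference, compared side by side as an added example. It is Python written for illustration, not code from any poster and not Kibana scripted-field syntax; the function names are hypothetical and the sample timestamps are constructed.

```python
from datetime import datetime, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
SECONDS_PER_DAY = 86_400

def parse_utc(ts):
    """Parse an ISO-8601 UTC timestamp such as 2018-03-22T21:54:08.100Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def epoch_millis(dt):
    """Whole milliseconds since the Unix epoch, using integer arithmetic only."""
    d = dt - EPOCH
    return d.days * 86_400_000 + d.seconds * 1000 + d.microseconds // 1000

def second_of_day(dt):
    """Seconds since midnight; the sub-second part and the date are discarded."""
    return dt.hour * 3600 + dt.minute * 60 + dt.second

def lag_ms_epoch(event_ts, ingest_ts):
    """Lag in milliseconds from the epoch-millis difference."""
    return epoch_millis(parse_utc(ingest_ts)) - epoch_millis(parse_utc(event_ts))

def lag_s_second_of_day(event_ts, ingest_ts):
    """Lag in seconds from second-of-day values, with the midnight 'fix'.

    The modulo turns a negative difference into a positive one, which is only
    right when the true lag is between 0 and 24 hours. A negative lag caused
    by clock skew comes out as almost a full day.
    """
    diff = second_of_day(parse_utc(ingest_ts)) - second_of_day(parse_utc(event_ts))
    return diff % SECONDS_PER_DAY

# Constructed sample pairs: (application timestamp, Logstash timestamp).
SAMPLES = [
    ("2018-03-22T21:54:08.100Z", "2018-03-22T21:54:08.600Z"),  # same second
    ("2018-03-22T23:59:59.900Z", "2018-03-23T00:00:00.150Z"),  # crosses midnight
    ("2018-03-22T10:00:00.000Z", "2018-03-24T10:00:05.000Z"),  # two days late
    ("2018-03-22T12:00:02.000Z", "2018-03-22T12:00:00.000Z"),  # skewed clock
]

def compare(samples=SAMPLES):
    """Return (epoch lag in ms, second-of-day lag in s) for each pair."""
    return [(lag_ms_epoch(a, b), lag_s_second_of_day(a, b)) for a, b in samples]

if __name__ == "__main__":
    for (a, b), (ms, s) in zip(SAMPLES, compare()):
        print(f"{a} -> {b}: epoch {ms} ms, second-of-day {s} s")
```

The second-of-day results diverge from the epoch difference whenever the lag is under a second, longer than a day, or negative because the two hosts' clocks disagree.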