How to add an additional field in elastic search ?I want to create an additional field to show time difference between two events in the new created field

gaurow.deshmukh · May 22, 2024, 5:48am

I want to create an additional field to show time difference between two events..

dadoonet · May 22, 2024, 8:41am

Not easy. The EQL feature might help you to do that. See EQL search | Elasticsearch Guide [8.13] | Elastic. But I'm not sure on how to use that in Kibana.

I don't know (yet) how to do that with ES|QL if doable.

IMHO The best thing to do is to compute that at index time. The Logstash aggregate filter for example could help with that.

Topic		Replies	Views
What is the best possible way to show time difference between two events in elastic search? Elasticsearch	2	59	June 18, 2024
Trying to add two extra fields to my indexed documents Logstash	1	307	March 24, 2019
Add a time field in elasticsearch and calculate time between two event Logstash docker	4	378	June 28, 2022
Add a time field in elasticsearch and calculate time between two event Elasticsearch docker	1	216	June 21, 2022
How to add additional timestamp field in an index Elasticsearch	1	228	September 28, 2022