Hello,
I'd like to calculate the timestamp difference between two actions.
But I can't find a way to do it.
Log example is below.
| @timestamp | action |
|---|---|
| May 20th 2018, 15:41:32.111 | login |
| May 21th 2018, 10:39:01.761 | logout |
Please guide.
Thank you.
maedamaeda
What do your Elasticsearch indices and docs look like? Is the log example data in one document, or multiple documents?
My Elasticsearch indices web application logs.
The logs are in multiple documents.
I recommend restructuring the data sent to Elasticsearch so that each document looks something like this:
{
"session_id": 123456,
"login_time": "May 20th 2018, 15:41:32.111",
"logout_time": "May 21th 2018, 10:39:01.761",
}
Then, you can add a Scripted field in Kibana to calculate the difference between login_time and logout_time.
You can read more about modeling data for Elasticsearch here.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.