Hi everyone!
I've a simple log of users logging in and out, stored in Elasticsearch:

| datetime | user | action |
|---|---|---|
| 2018-06-06 10:00:00 | john | in |
| 2018-06-06 15:00:00 | john | out |
| 2018-06-06 18:00:00 | john | in |
| 2018-06-06 20:00:00 | john | out |
| ... | ... | ... |

The user john was logged in for 7 hours (10:00-15:00 & 18:00-20:00); conversely, we expect john to have been logged out for 17 hours (24 hours - 7 hours).
Desired output:

| date | user | in | out |
|---|---|---|---|
| 2018-06-06 | john | 7 | 17 |
| ... | ... | ... | ... |

I found a promising plugin, but would like to solve it without Logstash.
(How) can I achieve this, any idea?
Thanks in advance!
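
The calculation described in the post, as an added example that is not part of the original post: it pairs each `in` event with the next `out` for the same user and sums the logged-in time per day. It assumes the events have already been fetched from Elasticsearch into Python tuples; the names `EVENTS` and `daily_hours` are hypothetical, and the last two sample rows are constructed to show a session that crosses midnight, a case the post does not cover.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample events, same shape as the log in the post.
EVENTS = [
    ("2018-06-06 10:00:00", "john", "in"),
    ("2018-06-06 15:00:00", "john", "out"),
    ("2018-06-06 18:00:00", "john", "in"),
    ("2018-06-06 20:00:00", "john", "out"),
    ("2018-06-07 22:00:00", "john", "in"),
    ("2018-06-08 03:00:00", "john", "out"),  # session crosses midnight
]

def daily_hours(events):
    """Return {(date, user): (hours_in, hours_out)} from in/out events."""
    seconds_in = defaultdict(float)
    open_since = {}  # user -> datetime of the unmatched "in"
    # ISO-style timestamps sort chronologically as plain strings.
    for ts, user, action in sorted(events):
        t = datetime.strptime(ts, FMT)
        if action == "in":
            # A repeated "in" without an "out" keeps the earlier start.
            open_since.setdefault(user, t)
        elif action == "out" and user in open_since:
            start = open_since.pop(user)
            # Split the session at each midnight so every day gets its share.
            while start < t:
                next_day = start.date() + timedelta(days=1)
                midnight = datetime.combine(next_day, datetime.min.time())
                end = min(t, midnight)
                key = (start.date().isoformat(), user)
                seconds_in[key] += (end - start).total_seconds()
                start = end
        # An "out" with no matching "in" is ignored; a session still open
        # at the end of the data is not counted.
    return {k: (s / 3600, 24 - s / 3600) for k, s in seconds_in.items()}

if __name__ == "__main__":
    for (day, user), (h_in, h_out) in sorted(daily_hours(EVENTS).items()):
        print(f"{day} | {user} | {h_in:g} | {h_out:g}")
```

Days on which a user has no session at all do not appear in the result, so a fully logged-out day has to be filled in by the caller.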