hgshfgthsfghstgjsj
How are you shipping this data to Elasticsearch? If you are using Logstash or Beats, I would suggest asking the question there.
Depending on how urgent your deadline is, you probably want to contact support and open an urgent issue. They're super good about replying quickly. Discuss is much more asynchronous.
It looks like the formats you mentioned are the same, so if I understand you correctly, you're trying to find the difference in time between two separate documents. To do this, you're probably going to want to use scripted metric aggregations. In your case, you need to use the map_script to add your documents or at least your dates to the aggregation, and use the reduce_script to then pull the min and max dates from the aggregation and compute the difference.
Scripting dates with painless:
Scripted metric aggregations:
Support for this is spotty in the Kibana visualizations, so you're probably going to just be running queries directly against Elasticsearch to do this. You can do that in Kibana using the Kibana Dev Tools:
https://www.elastic.co/guide/en/kibana/current/console-kibana.html
Best,
C
.
hello , i'm using filebeat !!
please help me
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.