Hi there,
I have logs which contain a log line for starting and finishing a process. it looks like this:
I need the time difference between the "tux state retrieved" and "tux state retrieved". Since the data is already indexed, I would like to know, if there is an option to calculate this in kibana or timelion as postprocessing.
I am aware that there are possibilities of calculating it on index times in logstash. I will check this in future.
Thanks, Andreas
This would be possible with scripted fields if the time of start and finish are fields within the same document. Then a scripted field could be added to calculate the difference between those two fields. It is not possible to distill this information from your current structure because there is no relationship between the start and finish documents.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
