How to calculate timediff of two fields in the same event

Ganesh_Venkataraman · November 5, 2017, 11:09am

LOGSTASH - I would like to calculate time taken in seconds for two timestamps in the same event and store it in a different field say "e2e_latency_in_seconds".

The timestamps are in different format. I have successfully normalized them into one format and stored into elasticsearch however I am unable to create a new field using logstash plugin. Please help. I don't think I can use the elapsed plugin as it is for two different events but my case is just one event.

date{
	match => [ "tds_audittimestamp", "UNIX_MS"]
	target => "tds_audittimestamp"
}

date{
	match => [ "trade_insertion_at_source", "yyyy/MM/dd HH:mm:ss.SSS" ]
	timezone => "UTC"
	target => "trade_insertion_at_source"
	}

I have calculated using kibana scripted field but I want to achieve this in logstash as I cannot used scripted fields in Grafana.

screenshot

novoselrok · November 5, 2017, 11:29am

Try using the Ruby filter plugin:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-ruby.html

Ganesh_Venkataraman · November 6, 2017, 7:58am

I don't know ruby so found it very difficult. I have used below post to find the solution.

system · December 4, 2017, 7:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to calculate timediff (in milliseconds) of two fields in the same event Logstash	4	2426	November 8, 2018
Logstash Ruby filter to subtract difference between two timestamps in single event Logstash	5	26265	July 6, 2017
Timestamp difference calculation Logstash	6	7115	December 6, 2017
Finding time difference between two events with in a single batch of logstash Elasticsearch	6	1011	October 7, 2019
Scripted field: Get difference of between alternate occurrences of an event Kibana	6	1283	April 5, 2017

How to calculate timediff of two fields in the same event

Related topics