Hi @Raja_Kushwah,
You can also achieve this using the Logstash filter plugin called "Elapsed", which can calculate the execution time between two events using a unique transaction id for both events.
Please refer to the link below for more details:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-elapsed.html
Also, below is a sample Logstash conf file for the same.
input {
  beats {
    port => 5044
  }
}
filter {
  # Split the log line into its fields; the JSON payload ends up in "logmessage"
  grok {
    match => ["message", "%{TIME:timestamp:date} %{GREEDYDATA:Thread} %{WORD:LoggingLevel} %{WORD:RouteName} - (?<logmessage>(.|\r|\n)*)"]
  }
  # Parse the JSON payload into the "doc" field
  json {
    source => "logmessage"
    target => "doc"
  }
  # Copy the transaction id to a top-level field and tag the event with its message type
  mutate {
    add_field => {"trxnId" => "%{[doc][transactionId]}"}
    add_tag => ["%{[doc][messageType]}"]
  }
  # Pair start and end events that share the same trxnId
  elapsed {
    unique_id_field => "trxnId"
    start_tag => "SourceRequest"
    end_tag => "SourceResponse"
    new_event_on_match => false
  }
}
output {
  elasticsearch {
    hosts => ["http://ES_HOST:ES_PORT"]
    index => "index-%{+YYYY.MM.dd}"
  }
}
In the above example, SourceRequest and SourceResponse are the start and end events in the transaction.
Regards,
Rakesh Chhabria
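
As an added illustration (not part of the original post and not the plugin's own code), this Python sketch reproduces on constructed log lines the correlation that the config above asks the elapsed filter to perform: pair SourceRequest and SourceResponse by transactionId and report the time between them, along with requests that never got a response and responses with no request. The sample lines, the `correlate` function and the `HH:MM:SS.mmm` time format are assumptions.

```python
import json
import re
from datetime import datetime

# Same shape as the grok pattern above: time, thread, level, route, " - ", JSON body.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<thread>.*) (?P<level>\w+) "
    r"(?P<route>\w+) - (?P<body>.*)$", re.S)

# Constructed sample input, not taken from any real system.
SAMPLE_LINES = [
    '10:15:01.250 [worker-1] INFO OrderRoute - {"transactionId": "t-1", "messageType": "SourceRequest"}',
    '10:15:01.900 [worker-2] INFO OrderRoute - {"transactionId": "t-2", "messageType": "SourceRequest"}',
    '10:15:02.000 [worker-1] INFO OrderRoute - {"transactionId": "t-1", "messageType": "SourceResponse"}',
    '10:15:03.000 [worker-3] INFO OrderRoute - {"transactionId": "t-3", "messageType": "SourceResponse"}',
    'this line does not match the pattern',
]

def correlate(lines, start="SourceRequest", end="SourceResponse"):
    """Return (elapsed seconds per id, ids with no end event, ids with no start event)."""
    open_starts = {}              # transaction id -> time of its start event
    elapsed, orphan_ends = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # unparsable line: nothing to correlate
        try:
            doc = json.loads(m["body"])
        except ValueError:
            continue              # payload is not valid JSON
        if not isinstance(doc, dict):
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        trxn, kind = doc.get("transactionId"), doc.get("messageType")
        if kind == start:
            open_starts.setdefault(trxn, ts)     # keep the first start seen for an id
        elif kind == end:
            began = open_starts.pop(trxn, None)
            if began is None:
                orphan_ends.append(trxn)         # response with no recorded request
            else:
                elapsed[trxn] = (ts - began).total_seconds()
    return elapsed, sorted(open_starts), orphan_ends

if __name__ == "__main__":
    durations, unanswered, orphans = correlate(SAMPLE_LINES)
    print("elapsed:", durations)
    print("requests without response:", unanswered)
    print("responses without request:", orphans)
```

Requests left without a response and responses without a request are worth reviewing in their own right, since they usually point to dropped log lines, out-of-order delivery or a transaction that never completed.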