Is it possible to create a document using the data from two already indexed documents?

Hi, I have a scenario where documents get logged with a time field in ISO8601 format, a unique ID, a status, and 5 other fields. The status field will contain either an ONLINE or OFFLINE status. I would like to know the time difference between the document with the online status and the document with the offline status. After reading Comparing date/time from two different documents and seeing the functionality I was looking for is not possible I wanted to know if a different approach was possible. In short is it possible to create a third document with a field containing the elapsed time between the first two documents using a script? Or perhaps update the first document with the second one and replacing the time field with an elapsed time field?

Thank you

In short is it possible to create a third document with a field containing the elapsed time between the first two documents using a script? Or perhaps update the first document with the second one and replacing the time field with an elapsed time field?

Either of those strategies sound reasonable. This would be done external to Kibana with a script of some sort and then Kibana would just display the new index or the updated original index.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.