Is it possible to create a document using the data from two already indexed documents?

Kagerou · April 5, 2019, 8:11pm

Hi, I have a scenario where documents get logged with a time field in ISO8601 format, a unique ID, a status, and 5 other fields. The status field will contain either an ONLINE or OFFLINE status. I would like to know the time difference between the document with the online status and the document with the offline status. After reading Comparing date/time from two different documents and seeing the functionality I was looking for is not possible I wanted to know if a different approach was possible. In short is it possible to create a third document with a field containing the elapsed time between the first two documents using a script? Or perhaps update the first document with the second one and replacing the time field with an elapsed time field?

Thank you

Nathan_Reese · April 5, 2019, 9:08pm

In short is it possible to create a third document with a field containing the elapsed time between the first two documents using a script? Or perhaps update the first document with the second one and replacing the time field with an elapsed time field?

Either of those strategies sound reasonable. This would be done external to Kibana with a script of some sort and then Kibana would just display the new index or the updated original index.

system · May 3, 2019, 9:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Comparing date/time from two different documents Kibana	9	3348	June 5, 2018
Calculation time difference between two document Kibana	5	4860	April 29, 2019
Get time elapsed between two different documents Kibana	5	4894	July 6, 2017
Compare fields in two documents? Kibana	2	4255	February 20, 2018
How to calculate cumulative sum on date/time difference? Kibana	2	448	July 12, 2021

Is it possible to create a document using the data from two already indexed documents?

Related Topics