Logs Timestamp

PritiS · June 18, 2019, 9:04am

Hi ,

I am trying to fetch total timings taken by a Job from Status A to Status B from logs, extracted Log timestamp column,status, jobid from logs in Kibana, How can we extract the total time taken by the Job ID and visualize this in Kibana graph,
Can you please provide support..

Thank you,
Priti

LeeDr · June 24, 2019, 5:19pm

Hi Priti,

This is actually rather difficult to do in Kibana. One way is by getting the data into an entity-centric index in Elasticsearch. What this means is that instead of having a time-based index where each event is indexed into Elasticsearch you would have one document per JobID and those documents would get updated with the time for each status and duration.

Here's the only "solution" I know of that could work directly in Kibana using Advanced JSON field in a Kibana visualization. But if you have a large index, the performance could be a problem;

Related links;

shwesinhan · June 25, 2019, 8:47am

Hi PritiS

Do you use logstash and realtime log shipping? If so, lucky you.

I solved by using logstash grok filter and elapsed filter.
For instance, let me share how to do

make start point for Status A log
make end point for Status B log
then connect start point and end point using by unique id (eg: jobid)

if "StatusA" in [message] {
grok {
match => { "message" => [ "grok pattern for your StatusALog. Let's say you will get status, jobid"]}
add_field => { "log_type" => "StatusA" }
add_tag => ["status_a"]
}
}

else if "StatusB" in [message] {
grok {
match => { "message" => [ "grok pattern for your StatusBLog. Let's say you will get status, jobid"]}
add_field => { "log_type" => "StatusB" }
add_tag => ["status_b"]
}
}

elapsed {
start_tag => "status_a"
end_tag => "status_b"
unique_id_field => "jobid"
periodic_flush => true
timeout => 2100
}

You will see elapsed_time, elapsed_timestamp_start fields at StatusB log in kibana. elapsed_time is different timestamp of StatusA and StatusB. elapsed_time field is float type. It's cool.
Then visualize it. I use TimeLion visualization. Here is my sample.
Y-axis : elapsed_time (in sec)
X-axis : time

But plz note that elapsed_time values are only accurate at same CPU.
If pipeline.workers: 1, the result will accurate.
If pipeline.workers: 2, the result won't accurate.

system · July 23, 2019, 8:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Correlation or calculating time difference between log entries using BI tool with ES 6.5 Elasticsearch	3	495	December 26, 2018
Calculating time between two events from same request id Kibana	4	495	April 17, 2024
Visualization to view the difference of time for two events with a particular field value Kibana	3	2674	August 15, 2018
How to calculate the timestamp difference between two actions? Kibana	4	5114	July 6, 2018
Calculation time difference between two document Kibana	5	4860	April 29, 2019

Logs Timestamp

Related Topics