Logs Timestamp

PritiS · June 18, 2019, 9:04am

Hi ,

I am trying to fetch total timings taken by a Job from Status A to Status B from logs, extracted Log timestamp column,status, jobid from logs in Kibana, How can we extract the total time taken by the Job ID and visualize this in Kibana graph,
Can you please provide support..

Thank you,
Priti

LeeDr · June 24, 2019, 5:19pm

Hi Priti,

This is actually rather difficult to do in Kibana. One way is by getting the data into an entity-centric index in Elasticsearch. What this means is that instead of having a time-based index where each event is indexed into Elasticsearch you would have one document per JobID and those documents would get updated with the time for each status and duration.

Here's the only "solution" I know of that could work directly in Kibana using Advanced JSON field in a Kibana visualization. But if you have a large index, the performance could be a problem;

Related links;

shwesinhan · June 25, 2019, 8:47am

Hi PritiS

Do you use logstash and realtime log shipping? If so, lucky you.

I solved by using logstash grok filter and elapsed filter.
For instance, let me share how to do

make start point for Status A log
make end point for Status B log
then connect start point and end point using by unique id (eg: jobid)

if "StatusA" in [message] {
grok {
match => { "message" => [ "grok pattern for your StatusALog. Let's say you will get status, jobid"]}
add_field => { "log_type" => "StatusA" }
add_tag => ["status_a"]
}
}

else if "StatusB" in [message] {
grok {
match => { "message" => [ "grok pattern for your StatusBLog. Let's say you will get status, jobid"]}
add_field => { "log_type" => "StatusB" }
add_tag => ["status_b"]
}
}

elapsed {
start_tag => "status_a"
end_tag => "status_b"
unique_id_field => "jobid"
periodic_flush => true
timeout => 2100
}

You will see elapsed_time, elapsed_timestamp_start fields at StatusB log in kibana. elapsed_time is different timestamp of StatusA and StatusB. elapsed_time field is float type. It's cool.
Then visualize it. I use TimeLion visualization. Here is my sample.
Y-axis : elapsed_time (in sec)
X-axis : time

But plz note that elapsed_time values are only accurate at same CPU.
If pipeline.workers: 1, the result will accurate.
If pipeline.workers: 2, the result won't accurate.

system · July 23, 2019, 8:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Correlation or calculating time difference between log entries using BI tool with ES 6.5 Elasticsearch	3	497	December 26, 2018
Creating new scripted field to showing time difference between 2 log lines Kibana	4	2201	November 27, 2020
Serial difference of timestamps between documents Elasticsearch	1	657	April 18, 2019
Time Difference between two logs Kibana	7	1437	October 7, 2022
Calculate time difference between two different record timestamps Elasticsearch	3	3034	July 18, 2018

Logs Timestamp

Related topics