LeeDr
(Lee Drengenberg)
June 24, 2019, 5:19pm
Hi Priti,
This is actually rather difficult to do in Kibana. One way is by getting the data into an entity-centric index in Elasticsearch. What this means is that instead of having a time-based index where each event is indexed into Elasticsearch, you would have one document per JobID, and those documents would get updated with the time for each status and duration.
So I am logging a bunch of logs of a big and mediumly complex workflow. This workflow is a graph and can take different paths based on the inputs or a particular workflow step's output. When the workflow is created a workflow id is generated, and is logged with the timestamp.
Now I am tasked with calculating the average time it takes for the workflow to reach a workflow step X. What is the best way to achieve this?
In my research so far, I have come across elapsed filter and this suggestion o…
Here's the only "solution" I know of that could work directly in Kibana using Advanced JSON field in a Kibana visualization. But if you have a large index, the performance could be a problem:
You can actually do this if you query Elasticsearch directly by using a script on a date_histogram aggregation which adds the call document to all the buckets from the start_time to start_time + duration. The following gist contains a Sense recreation that details what I mean: https://gist.github.com/jpountz/cebb8452648c36099cee
As for doing this in Kibana, I know it's possible to run scripts in Kibana for some actions but I'm not sure if this would be possible, maybe someone more familiar with…
Related links:
Hi @MariumHassan this is my script
input {
  elasticsearch {
    hosts => "http://192.168.55.213:9200"
    index => "test_index"
  }
}
filter {
  aggregate {
    task_id => "%{logTimestamp}"
    code => "
      map['logTimestamp'] = event.get('logTimestamp');
      map['timeDifference']= (Time.parse(event.get('logTimestamp')).to_f -
      Time.parse(map['previousTime']).to_f).round(4);
      map['previousTime'] = event.get('logTimestamp');
    "
  }
}
output {
  elasticsearch {
    document_id => "%{logTimestamp}"
    document_typ…
I need to calculate the difference in time between 2 log lines for http code 200. The difference should be done for a unique id. Please find the log line below.
2018/01/16 00:13:44.890 [HCServiceImpl] [**qtp5720769-243**]: AUDIT- INFO: Request received : /mdp/content?sourceType=cid&pset=mdp%3Ano-presentation&filter%3AcontentId=cid%3A%2F%2Fprogramid%253A%252F%252F2090543776%23programid%253A%252F%252F1264605229
2018/01/16 00:13:44.897 [HCServiceImpl] [**qtp5720769-243**]: AUDIT- INFO:…
Hi there
Is there any way to calculate time difference between two logs with uniqueid?
E.g. I create fields log_timestamp, log_type, user_id, mobile_no, etc., below logs
2018-09-19 09:24:57,113 (null) 21 WARN : Test :: vh1o4ctmdpn3aft53o5nx0nh :: User Req : <UserRequest><version>9.7</version><userID>458458000000018</userID><userCode>2C10000299</userCode><desc>123456</desc><desc>123456</desc><mobileNo></mobileNo></UserRequest>
2018-09-19 09:24:57,453 (null) 21 WARN : Test :: vh1o4ctmdpn3aft53o5n…
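The entity-centric approach from the reply above, as an added example that is not part of the original thread: per-event log lines are folded into one document per job ID, holding the time of each status and the overall duration, and the average time to reach a given step is then computed over those documents. The log format, the field names (`job`, `status`, `status_times`, `duration_s`) and the sample lines are constructed for illustration; the dictionary is an in-memory stand-in for the per-JobID documents in Elasticsearch.

```python
import re
from datetime import datetime

# Constructed sample events (not from the thread): timestamp, job id, status.
EVENTS = [
    "2019-06-24 10:00:00,000 job=A17 status=queued",
    "2019-06-24 10:00:02,500 job=B42 status=queued",
    "2019-06-24 10:00:05,250 job=A17 status=running",
    "2019-06-24 10:00:09,000 job=A17 status=done",
    "2019-06-24 10:00:03,000 job=B42 status=running",  # arrives out of order
    "not a log line",                                   # unparseable, skipped
]

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) job=(\S+) status=(\S+)$")

def fold(lines):
    """Fold per-event lines into one document per job id (entity-centric)."""
    docs = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        job_id, status = m.group(2), m.group(3)
        doc = docs.setdefault(job_id, {"job_id": job_id, "status_times": {}})
        times = doc["status_times"]
        # Keep the earliest time each status was seen, so replayed or
        # out-of-order events do not change the result.
        if status not in times or ts < times[status]:
            times[status] = ts
        # Duration so far: first status seen to latest status seen.
        doc["duration_s"] = (max(times.values()) - min(times.values())).total_seconds()
    return docs

def average_time_to(docs, start, target):
    """Mean seconds from `start` to `target`, over jobs that reached both."""
    spans = [
        (d["status_times"][target] - d["status_times"][start]).total_seconds()
        for d in docs.values()
        if start in d["status_times"] and target in d["status_times"]
    ]
    return sum(spans) / len(spans) if spans else None

if __name__ == "__main__":
    docs = fold(EVENTS)
    for doc in docs.values():
        print(doc["job_id"], doc["duration_s"])
    print(average_time_to(docs, "queued", "running"))
```

Jobs that never reached the target status are left out of the average rather than counted as zero.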