Hi there, to do this you'll need to parse your Kafka timestamp into epoch time in milliseconds. I'm not sure of the format of your timestamp so you'll need to refer to the SimpleDateFormat docs for the correct pattern to use, but here's an example of how you'd do that:
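```
// Parse the Kafka timestamp string into epoch milliseconds; adjust the pattern to match your data
def kafka_timestamp = new SimpleDateFormat('yyyy-MM-dd:HH:mm:ss.SSS').parse(doc['kafka_timestamp'].value).getTime();
// Read the Spark process time from its date field
def spark_process_time = doc['spark_process_time'].value;
return spark_process_time - kafka_timestamp; // Difference between the two in milliseconds
```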
You don't need to convert the spark process time because that will already be in epoch time in milliseconds (date field docs).
See this thread for more info and a link to the SimpleDateFormat docs: Converting a string date to a Date field using scripted fields in kibana