Min start time, max end time difference for a number of entries?

carstenk · March 7, 2016, 7:35pm

I did a bit of searching and I think this is what I might be after

however I am very new to kibana, to I am unsure if this can be achieved in any other way.
say I have a series of entries like so

type: a start: 3 end: 7
type: a start: 2 end: 5
type: b start: 1 end: 3
type: b start: 8 end: 9

now I want to get the difference (duration) between the min start and the max end per type, yielding something like this

type: a min start: 2 max end: 7 duration: 5
type: b min start: 1 max end: 9 duration: 8

while I can easily create the first 3 columns in a bar chart table view, I am struggling to get the last column to work directly in kibana (exporting the table to excel and doing the visualization there of course is simple, but its a workflow I'd like to avoid if possible)

thanks for any hints, pointers, suggestions!

cheers,
carsten

Joe_Fleming · March 8, 2016, 12:32am

Yes, I believe pipeline aggs are what you'll need to calculate that duration value. Unfortunately, Kibana doesn't yet support pipeline aggs.

If you can control the data going in, you could calculate that number at index time, and then you'd be able to use it. Short of that, there's not currently a way to do this in Kibana.

JuanCarniglia · March 9, 2016, 10:42pm

I did something similar using a logstash filter called something like datediff... Basically abstracts the date of document B from document A and adds a tag with the time difference in ms.

I'll look into it and give you more detail.