Hi, I have two terms in a log that we will call X and Y from date format. I want to send a query that will show me all logs that the value of (X-Y) is greater than 3 (seconds). How can I do this?

If your 2 related dates (start, end) are held on the same JSON document then your problem is simpler. Either use a script at query time to subtract (slower, harder for Kibana end users) or Reindex your content performing the subtraction at insert time (using custom app logic or ingest pipeline) M…

Query checking difference of two terms in a log

Elastic Stack Elasticsearch

Mark_Harwood (Mark Harwood) September 5, 2017, 10:29am 10

Wrong forum

I found this in the logstash forum that looks relevant: Logstash Ruby filter to subtract difference between two timestamps in single event

1 Like

Topic		Replies	Views
Comparing date/time from two different documents Kibana	9	3357	June 5, 2018
Subtract term X from Y on the same log? Logstash	2	2581	October 15, 2017
Time Difference between two logs Kibana	7	1438	October 7, 2022
Find items where difference between dates is x Kibana	4	320	November 20, 2019
Compare two field of different date Kibana	7	1373	April 30, 2018

Query checking difference of two terms in a log

Related topics