I have following Json records in Elasticsearch:
{
"endpoint": "bulk",
"application": "Interface",
"message": "Request finished",
"@version": "1",
"requestId": 18714,
"@timestamp": "2016-01-29T20:22:43.684Z",
},
"fields": {
"@timestamp": [
1454098963684
]
}
}
{
"endpoint": "bulk",
"application": "Interface",
"message": "Issuing Request",
"@version": "1",
"requestId": 18714,
"@timestamp": "2016-01-29T20:22:43.411Z",
},
"fields": {
"@timestamp": [
1454098963411
]
}
}
How should i write the query which can subtract the timestamps of "requestID=x issuing request" to "requestID=x request finished"?