ResponceTime data discrepancy in packetbeats records

We are monitoring nginx traffic using packetbeats we are getting lots of information which is helping in figuring out what are the bottle necks in our applications but the response time to serve a request is different in nginx logs and in packetbeats data on elasticsearch/Kibana.

I am not sure whether responsetime can be trusted in this case but profiling totally depends on application response time which is always higher in packetbeats data as compare to nginx logs.

Please let us know how exactly this responsetime being computed in http or any other protocol and how can we solve this problem.

Thanks,
Suraj

You have some sample response times? What's the exact difference?

Response times are compute by the packet receive time differences. If an http request or response is split into multiple packets, the time of last packet the message is contained is used.

The packet timestamps are generated by the sniffer module, e.g. the linux kernel if the af_packet module is used.

Is packetbeat running on same machine nginx is running on? Is nginx used as proxy? You only measure response time on server?