Script Field in Kibana with Time Passed Since Timestamp

Ralph_Vigne · December 4, 2015, 2:59pm

Hi Experts,

I did quite an extensive search (Google and this forum) but to my surprise couldn't find anything.
If I just asked the question the wring way please point me to the right thread or something.

What I wanted to do is to have a script field in Kibana (v4) showing me the time passed since the time indicated in a timestamp field of document. While I know how to handle timestamp values I couldn't figure out how to get the 'Now' timestamp to calculate the time passed since.

To provide some context: I'm tracking state changes of jobs by parsing log files. Each time the state of a job changes I update the according ES document with a matching timestamp (e.g. queued, active, done).

Now what I want is a data table showing me the e.g. the 10 events which are the longest in each state. I'd like to do this as it should allow to spot "hanging" events very easily, as they will bubble to the top of the table very soon (as my execution times are usually very similar).

Any help is very much appreciated.

Cheers and have a good weekend,
Ralph

tbragin · December 9, 2015, 5:06am

The default language in scripted fields is Lucene expressions, which at this time does not handle date math. We are working on another scripting language that will do that, but it's still ways away. For now, you can specify and use Groovy in your scripted fields, but for that you'd need to enable dynamic sandboxing (which has vulnerabilities) or use static Groovy scripts.

Ralph_Vigne · December 9, 2015, 3:44pm

Hi Tanya,

thanks for responding. I'm not quite sure if we are talking about the same
thing here. The date math functionality is good enough for me i.e.
calculating the time delta of two timestamps works. Only thing I'm missing
is the 'now' time, by which I mean the time the query is executed.

When I do this programmatically, everything's fine because I know 'now' and
can calculate the delta, only in Kibana visualisations I don't know how to
get it. Is it maybe possible to get some sort of 'virtual field'
representing 'now' in the ES results? Then Kibana would be sufficient again.

Cheers,
Ralph

Topic		Replies	Views
Scripted Fields Date Math Kibana	16	7459	December 27, 2018
How to calculate timestamp difference using Kibana scripted field feature? Kibana kql-kibana-query-language	2	2187	October 8, 2020
Trying to apply filter on scripted field Kibana	7	6324	March 13, 2018
How 'old' are the documents? Kibana	2	365	November 2, 2020
Get the date right now Kibana	6	2043	January 31, 2018

Script Field in Kibana with Time Passed Since Timestamp

Related Topics