I'm trying to calculate the time difference between two specific types of messages coming out of Logstash. I've read the post: Calculate the time difference between consecutive documents and I've successfully implemented a ruby script in my logstash filter configuration that achieves that.
However, I wonder if all of this could have been achieved with an aggregation query within Kibana.
Which is the most efficient way of doing this?
By adding this to Logstash's filter configuration, I have the feeling that I'm doing something wrong by adding meta information at that point.
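The Logstash ruby-filter approach the question refers to, as an added example that is not the poster's own script: state from the last "start"-type event is kept in the filter and the elapsed time is written into the matching "end"-type event. The field names (msg_type, txn_id, elapsed_s) and the pairing by a correlation id are assumptions.

```ruby
require 'time'

# Added example, not the poster's script. It mimics what a Logstash ruby
# filter does for this problem: keep the timestamp of the last "start"-type
# event in filter state and, when the matching "end"-type event arrives,
# write the elapsed seconds into that event. Field names are assumptions.
class PairDeltaFilter
  def initialize(start_type:, end_type:, type_field: 'msg_type',
                 ts_field: '@timestamp', key_field: 'txn_id',
                 out_field: 'elapsed_s')
    @start_type, @end_type = start_type, end_type
    @type_field, @ts_field, @key_field, @out_field =
      type_field, ts_field, key_field, out_field
    @open = {} # key => Time of the last start event (filter state)
  end

  # Processes one event (a Hash stands in for the Logstash Event object).
  # Returns the event; end events get @out_field, or nil if no start was seen.
  def filter(event)
    ts = Time.iso8601(event[@ts_field])
    key = event[@key_field]
    case event[@type_field]
    when @start_type
      @open[key] = ts
    when @end_type
      start = @open.delete(key)
      event[@out_field] = start ? (ts - start).round(3) : nil
    end
    event
  end
end

# Constructed sample: two interleaved transactions plus an unmatched end.
SAMPLE_EVENTS = [
  { 'msg_type' => 'request',  'txn_id' => 'a', '@timestamp' => '2024-01-01T10:00:00.000Z' },
  { 'msg_type' => 'request',  'txn_id' => 'b', '@timestamp' => '2024-01-01T10:00:00.500Z' },
  { 'msg_type' => 'response', 'txn_id' => 'b', '@timestamp' => '2024-01-01T10:00:01.250Z' },
  { 'msg_type' => 'response', 'txn_id' => 'a', '@timestamp' => '2024-01-01T10:00:02.000Z' },
  { 'msg_type' => 'response', 'txn_id' => 'c', '@timestamp' => '2024-01-01T10:00:03.000Z' },
].freeze

# Runs the sample through the filter and returns [txn_id, elapsed_s] per response.
def sample_deltas
  f = PairDeltaFilter.new(start_type: 'request', end_type: 'response')
  SAMPLE_EVENTS.map { |e| f.filter(e.dup) }
               .select { |e| e['msg_type'] == 'response' }
               .map { |e| [e['txn_id'], e['elapsed_s']] }
end
```

Because the state lives in the filter process, this only works when both events of a pair pass through the same Logstash pipeline worker in order; an aggregation in Kibana would instead need both timestamps present on the indexed documents.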