Should something like this work?
doc['timestamp'].value - doc['data.LOGON_TIME'].value;
I've tried numerous variations. Setting variables. using a return statement.
I basically just need to know how many milliseconds or seconds between these 2 fields.
I get this message in Discover:
Courier Fetch: 5 of 25 shards failed.
Hi @BrianBeaulieu,
you should be able to access the millisecond values as longs using doc['timestamp'].value.millis and doc['data.LOGON_TIME'].value.millis respectively.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.