Hello Team,
We have multiple log lines for requestID & responseID. We need to identify which requestID & responseID come first and calculate the difference between these requestID time & responseID time.
Request Log:
OUT 2021-04-26 15:07:31.659151100 RequestID:p234
OUT 2021-04-26 15:07:32.789151100 RequestID:p234
OUT 2021-04-26 15:07:32.959151100 RequestID:p234
OUT 2021-04-26 15:08:33.059151100 RequestID:p234
OUT 2021-04-26 15:08:33.659151100 RequestID:p234
Response Log:
IN 2021-04-26 15:07:32.659151100 ResponseID:p234
IN 2021-04-26 15:07:33.659151100 ResponseID:p234
IN 2021-04-26 15:07:33.659151100 ResponseID:p234
IN 2021-04-26 15:07:34.659151100 ResponseID:p234
IN 2021-04-26 15:07:35.659151100 ResponseID:p234
We are combining requesttime & responsetime using the below code:
if [RequestID] {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "testindex"
    add_tag => [ "test" ]
    query => "RequestID:%{ResponseID} AND @timestamp:[now-2m/d TO now/d]"
    fields => { "RequestTime" => "RequestTime" }
  }
  mutate {
    add_tag => [ "es_filter_test" ]
  }
}
Currently it is combining time for all request & response. But I need it only for the first requesttime & responsetime.
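
The pairing asked for above, as an added offline example that is not part of the original post: it keeps only the earliest request and earliest response per ID and returns the gap in nanoseconds. The function names, the `p999` line and the UTC assumption for the zone-less timestamps are assumptions made for this sketch.

```python
import calendar
import re
import time

# Constructed sample: log lines from the post, shuffled, plus one constructed
# request (p999) that never receives a response.
SAMPLE = """\
IN 2021-04-26 15:07:33.659151100 ResponseID:p234
OUT 2021-04-26 15:07:32.789151100 RequestID:p234
OUT 2021-04-26 15:07:31.659151100 RequestID:p234
IN 2021-04-26 15:07:32.659151100 ResponseID:p234
OUT 2021-04-26 15:08:33.659151100 RequestID:p234
OUT 2021-04-26 15:07:40.000000000 RequestID:p999
"""

LINE_RE = re.compile(
    r"^(?:OUT|IN)\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.(?P<frac>\d{1,9})\s+"
    r"(?P<kind>RequestID|ResponseID):(?P<id>\S+)$"
)

def to_ns(ts, frac):
    """Epoch nanoseconds as an int (assumes UTC); datetime would drop the last 3 digits."""
    secs = calendar.timegm(time.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    return secs * 1_000_000_000 + int(frac.ljust(9, "0"))

def first_latency(lines):
    """Return {id: (first_request_ns, first_response_ns, delta_ns)}."""
    first = {}  # (kind, id) -> earliest timestamp seen, input order does not matter
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not request/response records
        key = (m["kind"], m["id"])
        ns = to_ns(m["ts"], m["frac"])
        if key not in first or ns < first[key]:
            first[key] = ns
    result = {}
    for (kind, cid), req_ns in first.items():
        resp_ns = first.get(("ResponseID", cid))
        if kind != "RequestID" or resp_ns is None:
            continue  # unanswered requests are left out rather than guessed
        result[cid] = (req_ns, resp_ns, resp_ns - req_ns)
    return result

if __name__ == "__main__":
    for cid, (_, _, delta) in first_latency(SAMPLE.splitlines()).items():
        print(f"{cid}: {delta / 1e9:.9f} s")
```

Inside Logstash, the elasticsearch filter's `sort` option (default `@timestamp:desc`) decides which matching document is returned, so an ascending sort returns the earliest request.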