Hello all,
My logs have the 2 entries below:
@timestamp:Sep 10, 2022 @ 20:11:42.677 fingerprint:2222-605819443b6 Item_Name:069931601477 jobId:4444-ff-4555 level:Info levelOrdinal:2 logF_BusinessProcessName:Test logType:User machineId:111 machineName:hostname1 message:test | ProcessCode : 10000 rawMessage:{"message":"test| ProcessCode : 10000","level":"Information","logType":"User","timeStamp":"2022-09-10T20:11:42.6778335+05:30"
@timestamp:Sep 10, 2022 @ 20:11:46.531 fingerprint:2322-44444444 Item_Name:069931601477 jobId:4444-ff-4555 level:Info levelOrdinal:2 logF_BusinessProcessName:Test logType:User machineId:111 machineName:hostname1 message:test | ProcessCode : 10000 rawMessage:{"message":"test| ProcessCode : 10000","level":"Information","logType":"User","timeStamp":"2022-09-10T20:11:46.531895+05:30"
I need to subtract the timestamps of the above 2 entries, in seconds, based on the 'ProcessCode' field, and create a view for it.
Please suggest. TIA.
Regards.