Subtract timestamps from logs basis a field and show as a view on dashboard

Murali_Y · October 29, 2022, 8:06am

Apologies for reposting this. As a newbie to Kiabana, I couldn't achieve the earlier proposed solution from Kibana views. Can someone please guide me how and where to add equation or add code to achieve below? Any snippet would really help.

My logs are having below 2 entries:

@timestamp:Sep 10, 2022 @ 20:11:42.677 fingerprint:2222-605819443b6 Item_Name:069931601477 jobId:4444-ff-4555 level:Info levelOrdinal:2 logF_BusinessProcessName:Test logType:User machineId:111 machineName:hostname1 message:test | ProcessCode : 10000 rawMessage:{"message":"test| ProcessCode : 10000","level":"Information","logType":"User","timeStamp":"2022-09-10T20:11:42.6778335+05:30"

@timestamp:Sep 10, 2022 @ 20:11:46.531 fingerprint:2322-44444444 Item_Name:069931601477 jobId:4444-ff-4555 level:Info levelOrdinal:2 logF_BusinessProcessName:Test logType:User machineId:111 machineName:hostname1 message:test | ProcessCode : 10000 rawMessage:{"message":"test| ProcessCode : 10000","level":"Information","logType":"User","timeStamp":"2022-09-10T20:11:46.531895+05:30"

I need to subtract timestamps of above 2 entries based on the 'ProcessCode' field in seconds. And create view for it.

Please suggest. TIA.

Regards.

Marius_Dragomir · November 3, 2022, 4:38pm

It should work with a "Difference" function in the Lens visualization and a Group by "processCode".

Murali_Y · November 6, 2022, 5:23pm

@Marius_Dragomir Thanks for your response. Can you please provide me more details on where and what exactly I should do with my aboven2 log entries?
I tried few things but couldn't solve it with my limited knowledge at this moment.
Thanks.

Anil_Alapati · November 7, 2022, 6:58am

Hi Marius,

May I know what is processcode, is it something that gets logged by default?

system · January 29, 2023, 11:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.