Sum of Duration

Hi,

I have an ELK that collects the logs of a firewall. In this log I have a field "duration" which is actually a data type, but I would like to make a sum of all this duration by user. I have no idea how I can do this trick, can someone help me?

Should I change the type of my duration to a time type (HH:MM:SS)?

Thanks in advance

I think I understand your setup but, just to be clear, would you mind sharing your index mapping? You can get the mapping for your index by issuing a GET <index name> HTTP request to any Elasticsearch node.

Without seeing your mapping, my guess at this point is that you are correct: you will want to change the type of the duration field to an integer or long and have it store number of seconds or milliseconds (depending on the precision you desire).
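One way to do what this reply suggests, as an added example that is not part of the thread: convert the firewall's HH:MM:SS duration into a `long` number of seconds at ingest time, map it as a number, and let a `terms` bucket per user with a nested `sum` aggregation total it. The index name and the field names `user` and `duration_seconds` are assumptions; the sample documents are constructed, not real firewall output.

```python
# Assumed index layout: "user" as keyword (bucket key), "duration_seconds" as long.
MAPPING = {
    "mappings": {
        "properties": {
            "user": {"type": "keyword"},           # exact-match bucket key
            "duration_seconds": {"type": "long"},  # numeric, so "sum" works on it
        }
    }
}

# Aggregation-only search body: size 0 suppresses hits, one bucket per user,
# each bucket carrying the summed duration.
SUM_BY_USER_QUERY = {
    "size": 0,
    "aggs": {
        "by_user": {
            "terms": {"field": "user"},
            "aggs": {"total_duration": {"sum": {"field": "duration_seconds"}}},
        }
    },
}


def duration_to_seconds(text: str) -> int:
    """Convert a firewall duration such as '1:02:15' (H:MM:SS) into seconds.

    Rejects anything that is not three numeric fields with sane minute/second
    values, so a malformed log line fails loudly instead of being summed as 0.
    """
    parts = text.strip().split(":")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised duration: {text!r}")
    hours, minutes, seconds = (int(p) for p in parts)
    if minutes > 59 or seconds > 59:
        raise ValueError(f"unrecognised duration: {text!r}")
    return hours * 3600 + minutes * 60 + seconds


def sum_duration_by_user(docs):
    """Local equivalent of the terms+sum aggregation, to check expected totals."""
    totals = {}
    for doc in docs:
        totals[doc["user"]] = totals.get(doc["user"], 0) + duration_to_seconds(doc["duration"])
    return totals


# Constructed sample documents (not real firewall output).
SAMPLE_DOCS = [
    {"user": "alice", "duration": "0:45:10"},
    {"user": "bob", "duration": "2:00:00"},
    {"user": "alice", "duration": "0:14:50"},
]

if __name__ == "__main__":
    print(sum_duration_by_user(SAMPLE_DOCS))  # {'alice': 3600, 'bob': 7200}
```

The converted value is what you would write into `duration_seconds` before indexing; the `SUM_BY_USER_QUERY` body is then sent as the search request against the index.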

Hi, I've found another solution. I've identified two types of requests on my Cisco ASA; the two types mean the start of a VPN connection and the end. How can I make a scripted field to return the duration of the connection? Thanks in advance
