I am trying to calculate the time duration difference between two events tagged as start and stop. From message using grok pattern created two filters process id and process type which are common in both the messages and tagged one as start event and another as stop event. I am trying to visualise using data table to calculate the duration for each process using tags. Whats the best way to extract such time duration. Have tried using painless scripts but no luck, any help would be appreciated
Welcome to our community! 
There's a few examples of this in previous topics. If you have tried those and they aren't working, including the painless script you mention, then it'd be useful to understand what you tried and what the outcome was.
I have used elapsed logstash plugin to acheive this but instead of elapsed_time getting elapsed_end_without_start is this because i am using more than 1 worker nodes and i cant reduce worker nodes. i have also added field to get timestamp for process start and process end. I am getting timestamp for both in this format 2021-02-02T11:54:11.483Z. When i tried to get difference in timestamps with these painless scripts all are erroring out.
doc['proc_end'].value.getMillis() - doc['proc_start'].value.getMillis(),
doc['proc_end'].value.millis - doc['proc_start'].value.millis,
doc['proc_end'].value.toInstant().toEpochMilli() - doc['proc_start'].value.toInstant().toEpochMilli()
Can you please help to get timeduration from difference of those two events when time is in this format.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.