I'm trying to make some basic monitoring for our test farm (currently evaluating if Kibana is an option for us).
Sometimes a test can hang which we currently do not detect. I was hoping to make something with Kibana that show me the "Time since last log/event". Lateron we could buy the watcher license for alerts.
I succeeded in making a metric and using top-hit I can display the timestamp of the most recent log message. I now want to do some basic math with it to display the difference between current system time and the timestamp.
I'm failing miserably at this, any input on where to look or help would be much appreciated.
You have probably been hitting a wall because this use case intentionally requires support for script parameters in Elasticsearch, because Elasticsearch does not support the ability to load now dynamically within scripts. Elasticserach does not support this because each field would see now differently, which would be both wasteful and lead to unpredictable differences.
However, what I would recommend is setting the Format of the field to Relative Date (under Index Patterns -> Edit the timestamp field).
Then, when Kibana displays that field, it will show it with a human-readable, relative time:
In order to display the same timestamp in different ways, you can use a script field or simply load it into the document multiple times for different purposes and apply different formats to each variation.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
