Hello!
I am in the process of attempting to create a column which tells me the difference between the time the log was created in elastic (so the ingestion time stamp) and the timestamp against my IIS log(so the iis.access.time).
This is currently what i have in my SCRIPT pipline.
def ingested = ctx.event.ingested;
def created = ctx.iis.access.time;
ingested = ZonedDateTime.parse(ingested);
ctx.event.ingestionspeed = ChronoUnit.SECONDS.between(created, ingested);
Thank you in advance.
Hi
So while this is more a Elasticsearch topic, I try to help , didn't test, but I think you need also to parse ctx.iis.access.time before you can calculate the seconds between created and ingested?
BTW you could also do it with a runtime field:
but of course, doing it before document is ingested is better for performance.
Best,
Matthias
Hello - Thank you for your response.
I have managed to do what i needed in the end. by converting both to a datetime I was then able to compare the two and get the difference.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.