Using Elasticsearch to record network latency

We're looking to improve the way we record network latency between a server
and a client using Elasticsearch.

We have the following mapping in Elasticsearch to record this information
(irrelevant keys have been omitted for brevity):


"properties": {
  "startTime": {
    "type": "long",
    "index": "not_analyzed"
  },
  "endTime": {
    "type": "long",
    "index": "not_analyzed"
  }
}

This is our strategy for recording and running queries on the network

When the request is made from the client, we create a new NetworkEvent
document and record the start time. We then generate a unique tracking ID
and use that as the ID for the document:

curl -XPUT http://localhost:9200//NetworkEvent/

When the response comes back, we get the trackingID and update the
NetworkEvent document with the endTime. We're then able to do a script
query with 'endTime-startTime' to display analytics about network
transactions. This strategy was sort of roundabout but it was necessary due
to reasons I won't go into here.

The whole trackingID as the index name and having to update the document
was a previous requirement due to the way we were logging the data. We no
longer have this requirement and so now we would like to have network
requests and network responses as separate Elasticsearch event types. The
problem is that this complicates the queries since the start time and end
times are no longer in the same document.

Any suggestions for recording this kind of data while still being able to
query the data efficiently?
