Hi There,
I am a total newbie to the ELK stack. I have recently developed a logstash pipeline successfully for a custom log of an application and now i have the data on elasticsearch and indexed in kibana as expected. Now i have great challenge with creating a visualization for some data. The use-case is explained as below, please help if you can.
FYI : The log structure and the issues faced in stashing are listed out here.
Now, for those who are interested in just assisting with my issue;
I have events with a field type having value as Audit-IN and Audit-OUT in my index on a highlevel view. They have some similar fields and some different. Now there is a timehit field in both of the events and a field named as transactionid which will have the same value for both types. At any time, for a particular transactionid the Audit-IN will be the first and then follows the Audit-OUT with respect to time.
My use-case is to visualize all the transaction IDs are some selected ones and find the difference between the time stamps.
I am confused as to what type of visualization to be used and how to configure it.
The view of a Audit-IN document in kibana is as follows;
The view of a Audit-OUT document in kibana is as follows;
As per the above screen shot and the fields marked in green,
The time taken between the Audit-IN and Audit-OUT of the transactionid (0e90862318794eb587ed93ef800cf62d) is 359 ms.
Thanks & Regards
Kaushik Vankayala
