I'm logging transaction steps in to logstash. Steps can be logged from multiple hosts depending on the function. Each of the steps can be tied together with a transaction id. How do I calculate the entire transaction duration and chart the average transaction duration over time? If all the steps were coming from a single host, I realize I could use logstash's elapsed function, but since the steps can come from multiple hosts, I can't tie them together that way.
Hi Bill,
I had no clue on how to help you. So I got help from the Kibana viz team.
Unfortunately, this isn't possible in any of the available visualizations in the Kibana UI.
You can compute the min and max time using a sibling-aggregation (min/max) on that transactionId. So, you will have to write a sibling aggregation script in ES which does this.
https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-pipeline.html
But as I mentioned before Kibana UI can't do this.
Thanks,
Bhavya
As documents can come from different sources, I suspect the best way to tackle this would be by creating an entity-centric index for the transactions and periodically retrieve all newly inserted documents and update these. If dine through a periodic batch job it will not be real-time, but if you have large volumes of data this is often preferable compared to updating the entity-centric index on very insert, which is also a possibility.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.