
Is it possible to create a message using values from two other messages in Graylog using only Graylog's default functionality (such as pipelines and streams)?

For example, if two messages arrive in Graylog 30 seconds apart:

{
    message:"view enter",
    timestamp:"2018-01-01 10:10:00.00"
},
{
    message:"view leave",
    timestamp:"2018-01-01 10:10:30.00"
}

I would like to create a third message with a field showing the difference between the two timestamp fields.

{
    message:"view visit duration",
    duration:30
}
Kanembel

0 Answers