2

I am very new to Painless. I want to write a simple script to get the time difference between @timestamp and T1 in milliseconds.

I have tried using the doc['somefield'].value and doc['somefield'].date.millis and I am able to access @timestamp but not T1.

Any help will be highly appreciated! I have posted the sample data source below: 

{
  "_source": {
    "@timestamp": "2018-11-06T00:20:08.802Z",
     "fields": {
      "T1": "2018-11-06T00:20:07.862Z",
    }
  }
Saurav Tripathy
  • 31
  • 1
  • 4
  • What kind of script? Are you trying to create a scripted field? Can you share what you have so far? – Val Nov 06 '18 at 19:12
  • Yes, I am trying to create a scripted field using Painless to visualize the same in Kibana. I have used doc['@timstamp'].date.millis to extract the millisec value from @timestamp. I need to do the same for T1 and then take the difference of the two time values. doc['T1'].date.milliesec or doc['fields.T1'].date.milliesec does not work. Any ideas how to get around it? – Saurav Tripathy Nov 06 '18 at 19:18

2 Answers2

2

You can create a script field that return the different between @timestamp and fields.T1 like this:

POST your-index/_search
{
  "script_fields": {
    "diff": {
      "script": {
        "source": """
          def ts = Instant.parse(params._source['@timestamp']);
          def t1 = Instant.parse(params._source.fields.T1);
          return ChronoUnit.MICROS.between(ts, t1);

        """
      }
    }
  }
}
Val
  • 207,596
  • 13
  • 358
  • 360
1

You can define start and stop values and return the difference:

def start = doc['start_event'].date.getMillis();
def stop = doc['stop_event'].date.getMillis();
return stop - start;

enter image description here

Vladi Peled
  • 19
  • 1