
I have a log file from a job execution that has a time on each line. For example:

```
11-9-2017 22:01:30: Begin
11-9-2017 22:01:32: line 2
11-9-2017 22:01:34: Line 3
.
.
11-9-2017 22:01:50: Finish
```

I have put this entire file in a LOGS field (indexed).

Now I want the total time taken to execute this job.

How can I do this?

Eray Balkanli
Raj
  • this answer should help: https://stackoverflow.com/questions/37353365/calculating-time-between-events/37359000#37359000 – Val Nov 07 '18 at 03:50
  • The example in the link has a timestamp field in it and probably the difference is calculated before indexing if I am not wrong (please correct me since I am very new to this), but the indexing that I have has the entire log file in just one field, i.e. the field named LOGS. So what do I need to do to calculate the difference in the already indexed file? – Raj Nov 07 '18 at 16:20
  • No, in the example I shared the time difference is computed. See this example which is exactly what you have: https://www.elastic.co/guide/en/logstash/current/plugins-filters-aggregate.html#plugins-filters-aggregate-example1 – Val Nov 07 '18 at 16:38
  • I understand that this is done in grok in Logstash, but is it possible to write a query of this form in Kibana? – Raj Nov 07 '18 at 17:58
  • No, it's not done in grok, but in the `aggregate` plugin – Val Nov 07 '18 at 17:59
  • I am really sorry for being so naive, but can I use this plugin in Kibana or does it need to be used on the Logstash side? – Raj Nov 07 '18 at 18:23
  • You need to use it on the Logstash side, to add the `executionTime` field that you need, and then you'll be able to leverage it inside Kibana – Val Nov 07 '18 at 18:24

0 Answers
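The calculation discussed in the comments above, as an added example that is not part of the original thread: it pairs each `Begin` line with the next `Finish` line in the raw text of the LOGS field and derives an `executionTime` in seconds. It is Python rather than Logstash configuration; the sample text, the function name `execution_times`, and the day-month-year reading of the dates are assumptions.

```python
import re
from datetime import datetime

# Constructed sample modelled on the excerpt in the question, extended with a
# continuation line, a run that crosses midnight, and a run that never finishes.
SAMPLE_LOGS = """\
11-9-2017 22:01:30: Begin
11-9-2017 22:01:32: line 2
    continuation line without a timestamp
11-9-2017 22:01:34: Line 3
11-9-2017 22:01:50: Finish
11-9-2017 23:59:58: Begin
12-9-2017 00:00:03: Finish
12-9-2017 01:00:00: Begin
"""

# "<d-m-yyyy hh:mm:ss>: <message>" as shown in the question.
LINE_RE = re.compile(r"^(\d{1,2}-\d{1,2}-\d{4} \d{2}:\d{2}:\d{2}): (.*)$")


def execution_times(logs, date_format="%d-%m-%Y %H:%M:%S"):
    """Return (runs, unfinished_start).

    runs is a list of dicts with start, end and executionTime (seconds).
    unfinished_start is the start time of a run with no Finish line, or None.
    date_format is an assumption: the question does not say whether
    11-9-2017 is day-month or month-day, so pass the other order if needed.
    """
    runs, start = [], None
    for line in logs.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # wrapped lines, stack traces, blank lines
        ts = datetime.strptime(match.group(1), date_format)
        message = match.group(2).strip()
        if message == "Begin":
            start = ts  # a repeated Begin restarts the measurement
        elif message == "Finish" and start is not None:
            seconds = (ts - start).total_seconds()
            runs.append({"start": start, "end": ts, "executionTime": seconds})
            start = None
    return runs, start


if __name__ == "__main__":
    finished, pending = execution_times(SAMPLE_LOGS)
    for run in finished:
        print(run["start"], "->", run["end"], run["executionTime"], "s")
    print("unfinished run started at:", pending)
```

Subtracting parsed datetimes instead of clock fields keeps the result correct when a run crosses midnight, and the unfinished start time is returned separately so a job that never logged `Finish` is visible rather than silently dropped.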