Combine two log and calculate the timestamp gap

Question

Is it possible to combine two log which has same related_id and both also has a timestamp field and compute time gap between their timestamp, right now I has extracted them and give them two label to mark their time and related_id low below format. So the purpose just to compute the lantency of this request

2023-07-19 00:00:00 request related_id 123
2023-07-19 00:00:05 response related_id 123

I want these two log can be combine into one

relate_id 123 latency 5s

Answer 1

Assuming your logs are properly parsed with promtail and have label set of related_id and type (for "request" or "response").

You can use query

last_over_time(timestamp({type="response"}) [1d:]) - on(related_id) last_over_time(timestamp({type="request"}) [1d:])

If it is guaranteed that between request and response never passes more than 5 minutes, this query can be simplified to

timestamp({type="response"}) - on(related_id) timestamp({type="request"})