Kibana visualization for time difference

Hi ,
I have Request Response Integration logs with correlation ID in both request and response logs.
5c023e43-b695-407b-ac17-1f85d10ec9e4 RP401 OPT OrderId 11087766 (Request)

5c023e43-b695-407b-ac17-1f85d10ec9e4 RS401 OPT OrderId 11087766 (Response)
And elasticsearch timestamp field as well. And the first field is the CorrelationId and format JSON is like below

“_index”: “applicationlogs”,

“_type”: “applicationlogs”,

“_id”: “AWEIM3fktvuk7rH85tyK”,

“_version”: 1,

“_score”: null,

“_source”: {

@Akansh”: “2018-01-18T07:37:26.210Z”,

“system”: “OPT”,

“messagetype”: “RS401”,

“businessIdType”: “OrderId”,

“CorelationId”: “5c023e43-b695-407b-ac17-1f85d10ec9e4”,

@Supriti”: “1”,

“businessId”: “11087766”,

“message”: “5c023e43-b695-407b-ac17-1f85d10ec9e4 RS401 OPT OrderId 11087766”,

“type”: “applicationlogs”,

“tags”: [




“fields”: {

@Akansh”: [




“sort”: [



Now my requirement is to find out the time difference between Request and Response and based on that , I want to create some Visualization.
Can someone please help ?

I can’t think of a way to do this without further enriching your data prior to indexing in Elasticsearch. Are you able to add a step prior to indexing that adds the time difference to the document corresponding to the response?

Hi ,
Since this is a request reply async pattern , my one process sending request , so I am logging the request time and another process receiving response , then I am logging the response time. The common field is the correlation Id , which I am sending in both logs. So it will be two log statement received in two different time.
My pipeline is like below
Application --> Kafka topic --> Logstash --> Elasticsearch --> Kibana
I am sending this logs via Logstash using Grok filter to parse . I was searching a solution using elasticsearch query , and then wanted to show the visulaization in Kibana.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.