Calculate time delta between events

(Matt Gagliardi) #1

Is there a method to calculate the time difference between two logged events? For example, if event #1 occurred at 00:00:01 and event #7 occurred at 00:00:23, to do some math and determine that 22 seconds elapsed between those 2 events?

(Jochen) #2

That’s unfortunately not possible with Graylog out of the box.

(Matt Gagliardi) #3

Thanks for the reply, Jochen. Can you give me an idea of what path I’d need to go down to get this to work? Is this a matter of doing something with a pipeline or would I need to get deeper than that? I know that I can do this with elapsed in ELK and transaction in Splunk but I’m really liking Graylog and would much prefer to stick with it. TIA!

(Jochen) #4

You could write a script running multiple search queries using the Graylog REST API and use the response to calculate the values you’re interested in.
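A sketch of the script approach suggested in the reply above, added here as an example (it is not part of the original post and not Graylog's own code). It assumes the legacy `/api/search/universal/relative` endpoint, access-token basic auth, and a response with a `messages` list whose entries carry `message.timestamp`; verify these against the API browser of your Graylog version. The sample responses are constructed.

```python
import base64, json, urllib.parse, urllib.request
from datetime import datetime

# Constructed sample responses in the assumed shape (two start and two end events).
START = {"messages": [{"message": {"timestamp": "2017-05-12T00:00:01.000Z"}},
                      {"message": {"timestamp": "2017-05-12T00:01:00.000Z"}}]}
END = {"messages": [{"message": {"timestamp": "2017-05-12T00:00:23.000Z"}},
                    {"message": {"timestamp": "2017-05-12T00:01:05.500Z"}}]}

def search(base_url, token, query, range_s=3600):
    """Run one relative search; endpoint path and parameters are assumptions."""
    params = urllib.parse.urlencode({"query": query, "range": range_s,
                                     "fields": "timestamp", "sort": "timestamp:asc"})
    req = urllib.request.Request(f"{base_url}/api/search/universal/relative?{params}")
    # Access tokens are sent as the basic-auth username with the password "token".
    auth = base64.b64encode(f"{token}:token".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def timestamps(response):
    """Extract and sort the UTC timestamps of all hits, skipping hits without one."""
    found = []
    for hit in response.get("messages", []):
        ts = hit.get("message", {}).get("timestamp")
        if ts:
            found.append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ"))
    return sorted(found)

def deltas(start_resp, end_resp):
    """Pair each start event with the first unused end event at or after it."""
    ends, out, i = timestamps(end_resp), [], 0
    for start in timestamps(start_resp):
        while i < len(ends) and ends[i] < start:
            i += 1                      # end events before this start cannot match
        if i == len(ends):
            break                       # no end event left: transaction still open
        out.append((ends[i] - start).total_seconds())
        i += 1
    return out

if __name__ == "__main__":
    # Live use (hypothetical queries): deltas(search(url, tok, "action:start"),
    #                                         search(url, tok, "action:finish"))
    print(deltas(START, END))
```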

(Matt Gagliardi) #5

Beautiful, thank you very much for the insight. I really appreciate it.


