使用logstash解析日志文件,这里是发送到elasticsearch的json,如下所示:
对于包含事务开始时间的日志行,我添加db_transaction_commit_begin_time字段及其记录时间。
{
"message" => "2015-05-27 10:26:47,048 INFO [T:3 ID:26] (ClassName.java:396) - End committing transaction",
"@version" => "1",
"@timestamp" => "2015-05-27T15:24:11.594Z",
"host" => "test.com",
"path" => "/abc/xyz/log.logstash.test",
"logTimestampString" => "2015-05-27 10:26:47,048",
"logLevel" => "INFO",
"threadInfo" => "T:3 ID:26",
"class" => "ClassName.java",
"line" => "396",
"logMessage" => "End committing transaction",
"db_transaction_commit_begin_time" => "2015-05-27 10:26:47,048"
}
对于包含事务结束时间的日志行,我添加db_transaction_commit_end_time字段及其记录时间。
{
"message" => "2015-05-27 10:26:47,048 INFO [T:3 ID:26] (ClassName.java:396) - End committing transaction",
"@version" => "1",
"@timestamp" => "2015-05-27T15:24:11.594Z",
"host" => "test.com",
"path" => "/abc/xyz/log.logstash.test",
"logTimestampString" => "2015-05-27 10:26:47,048",
"logLevel" => "INFO",
"threadInfo" => "T:3 ID:26",
"class" => "ClassName.java",
"line" => "396",
"logMessage" => "End committing transaction",
"db_transaction_commit_end_time" => "2015-05-27 10:26:47,048"
}
是否可以计算db transaction相同的db事务的时间(db_transaction_commit_end_time - db_transaction_commit_begin_time)?我知道聚合可能有所帮助,但我是新手,无法弄明白。
如果我以某种方式计算出db_transaction_time并将其存储在变量中。我如何可视化kibana图表中的时间?