我的Elasticsearch中有以下两个文档:
第一:
{
"_index": "logs",
"_type": "_doc",
"_id": "57ac3ac0-fbdd-11e9-b7f3-1fb58bbc936f",
"_version": 1,
"_score": 0,
"_source": {
"id": "57ac3ac0-fbdd-11e9-b7f3-1fb58bbc936f",
"clientId": "1511",
"host": "worker_4.api-network-driver",
"startTime": "2019-10-31T12:52:48.876Z",
"transactionId": "57ab7770-fbdd-11e9-b7f3-1fb58bbc936f"
},
"fields": {
"startTime": [
"2019-10-31T12:52:48.876Z"
]
}
}
第二
{
"_index": "logs",
"_type": "_doc",
"_id": "5bb8e960-fbdd-11e9-b7f3-1fb58bbc936f",
"_version": 1,
"_score": 0,
"_source": {
"id": "5bb8e960-fbdd-11e9-b7f3-1fb58bbc936f",
"clientId": "1511",
"host": "worker_4.api-network-driver",
"transactionId": "57ab7770-fbdd-11e9-b7f3-1fb58bbc936f",
"endTime": "2019-10-31T12:52:55.670Z"
},
"fields": {
"endTime": [
"2019-10-31T12:52:55.670Z"
]
}
}
而且我不知道如何在Kibana中加入这两个文档(使用transactionId做到这一点)并用单杠表示,从而使startTime和endTime之间的差异以秒为单位。