I have the following query:
{filename="log_file_name.log"} | json |= `request_id`
This gives me all logs with a request_id parameter. Which is great. What I'm having trouble with is calculating time between requests. My JSON has the following fields: Category (Value can be either Request or Response), a request_id (which is the same for each Req/Resp pairing) and a standard timestamp like so: 2025-01-15T15:55:51.963901+00:00 under a field labeled timestamp.
What I'm trying to do is basically for each unique request_id, calculate the time between the request and its relevant response. (So the response timestamp minus the request timestamp) (There is also a tsNs field if it's easier to work with raw numbers)
How can I accomplish this? I feel like it should be possible but unsure how to manipulate/go about doing so.
The goal is basically a line chart to show response times over whatever the selected timeframe is.
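The pairing described in the question, worked through outside Loki on exported log lines. This is an added example, not part of the original post and not a LogQL query. The sample lines are constructed, and the function name `response_times` is hypothetical; only the field names `Category`, `request_id` and `timestamp` come from the post.

```python
import json
from datetime import datetime

# Constructed sample lines using the field names from the post.
SAMPLE_LINES = [
    '{"Category": "Request", "request_id": "a1", "timestamp": "2025-01-15T15:55:51.963901+00:00"}',
    '{"Category": "Request", "request_id": "b2", "timestamp": "2025-01-15T15:55:52.100000+00:00"}',
    '{"Category": "Response", "request_id": "a1", "timestamp": "2025-01-15T15:55:52.213901+00:00"}',
    '{"Category": "Response", "request_id": "c3", "timestamp": "2025-01-15T15:55:53.000000+00:00"}',
    'not json at all',
    '{"Category": "Response", "request_id": "b2", "timestamp": "2025-01-15T15:55:52.600000+00:00"}',
    '{"Category": "Request", "request_id": "d4", "timestamp": "2025-01-15T15:55:54.000000+00:00"}',
]


def response_times(lines):
    """Pair Request/Response lines by request_id.

    Returns (durations, unmatched): durations maps request_id to the seconds
    between its Request and Response; unmatched lists ids missing one side.
    """
    seen = {}  # request_id -> {"Request": datetime, "Response": datetime}
    for line in lines:
        try:
            rec = json.loads(line)
            rid, category = rec["request_id"], rec["Category"]
            ts = datetime.fromisoformat(rec["timestamp"])
        except (ValueError, KeyError, TypeError):
            continue  # skip lines that are not JSON or lack the expected fields
        if category in ("Request", "Response"):
            # Keep the first line of each kind so a duplicate does not overwrite it.
            seen.setdefault(rid, {}).setdefault(category, ts)

    durations, unmatched = {}, []
    for rid, pair in seen.items():
        if len(pair) == 2:
            durations[rid] = (pair["Response"] - pair["Request"]).total_seconds()
        else:
            unmatched.append(rid)  # request without response, or the reverse
    return durations, sorted(unmatched)


if __name__ == "__main__":
    durations, unmatched = response_times(SAMPLE_LINES)
    for rid, seconds in durations.items():
        print(f"{rid}: {seconds:.6f}s")
    print("unmatched:", unmatched)
```

The unmatched list is worth charting alongside the durations, since a request that never receives a response will not appear in a response-time line at all.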