I need a suggestion for writing a search query to calculate the difference between the timestamps for the same event. The following is a sample of the events from the file. Each event can have multiple lines, and those are not fixed.
A = First I want to get the value "2014-10-18T04:10:06.303Z" from the line which contains "GET /search".
B = Then I want to read the value "2014-10-18T04:10:06.189Z" from the line which contains "OPTIONS /search".
Then Result = A - B, which in this case will be 114 milliseconds.
{"name":"Test API","hostname":"ip-XXX-XX-XX-XX","pid":8453,"level":30,"msg":"Server started running on 9080","time":"2014-10-18T04:07:46.991Z","v":0}
{"name":"Periscope API","hostname":"ip-XXX-XX-XX-XX","pid":8464,"level":30,"msg":"Server started running on 9080","time":"2014-10-18T04:08:50.242Z","v":0}
{"name":"Test API","hostname":"ip-XXX-XX-XX-XX","pid":8469,"level":30,"msg":"Server started running on 8080","time":"2014-10-18T04:09:57.734Z","v":0}
{"name":"Periscope API","hostname":"ip-XXX-XX-XX-XX","pid":8469,"level":30,"msg":"OPTIONS /search/test/cursor/initial/size/1000","time":"2014-10-18T04:10:06.189Z","v":0}
{"name":"Periscope API","hostname":"ip-XXX-XX-XX-XX","pid":8469,"level":30,"msg":"GET /search/test/cursor/initial/size/1000","time":"2014-10-18T04:10:06.303Z","v":0}
{"name":"Periscope API","hostname":"ip-XXX-XX-XX-XX","pid":8469,"level":30,"query":"test","cursor":"initial","return":"_all_fields","queryParser":"simple","size":"1000","msg":"","time":"2014-10-18T04:10:06.309Z","v":0}
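The calculation described in the post, as an added example that is not part of the original post: it reads the JSON log lines, pairs each "GET /search" line with the preceding "OPTIONS /search" line, and returns A - B in milliseconds. The function names and the choice to pair lines by pid and request path are assumptions made for this example; the sample input is constructed from the lines shown above.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: three lines copied from the post plus one non-JSON line.
SAMPLE_LOG = """\
{"name":"Test API","hostname":"ip-XXX-XX-XX-XX","pid":8469,"level":30,"msg":"Server started running on 8080","time":"2014-10-18T04:09:57.734Z","v":0}
{"name":"Periscope API","hostname":"ip-XXX-XX-XX-XX","pid":8469,"level":30,"msg":"OPTIONS /search/test/cursor/initial/size/1000","time":"2014-10-18T04:10:06.189Z","v":0}
{"name":"Periscope API","hostname":"ip-XXX-XX-XX-XX","pid":8469,"level":30,"msg":"GET /search/test/cursor/initial/size/1000","time":"2014-10-18T04:10:06.303Z","v":0}
this line is not JSON
"""


def parse_time(value):
    # Timestamps in the sample are UTC with millisecond precision and a "Z" suffix.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")


def preflight_latencies(lines, prefix="/search"):
    """Return [(path, milliseconds)] for each OPTIONS -> GET pair (hypothetical helper)."""
    pending = {}   # (pid, path) -> time of the last unmatched OPTIONS line
    results = []
    for line in lines:
        try:
            event = json.loads(line)
            method, _, path = event["msg"].partition(" ")
            when = parse_time(event["time"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # not JSON, or missing/odd "msg" or "time": skip the line
        if method not in ("OPTIONS", "GET") or not path.startswith(prefix):
            continue
        # Assumption: lines belong together when pid and request path match.
        key = (str(event.get("pid")), path)
        if method == "OPTIONS":
            pending[key] = when
        elif key in pending:
            delta = when - pending.pop(key)  # Result = A - B
            results.append((path, delta // timedelta(milliseconds=1)))
    return results


if __name__ == "__main__":
    for path, ms in preflight_latencies(SAMPLE_LOG.splitlines()):
        print(f"{path}: {ms} ms")
```

A GET line with no earlier matching OPTIONS line produces no result, so unpaired requests do not yield a misleading difference.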