Does the Elapse plugin used in ELK to find the time difference uses only the default @timestamp (when the log is ingested to ES) or can we configure to log_time (timestamp from the log)?
My requirement is to find the time difference between two logs which is not input real time to elastic search.
I don't currently have the logs to check it, so will be great get a quick answer. Thanks in advance.
Not sure I understand, but it sounds like the documents you index have a field called 'log_time', but when you index those docs it adds '@timedtamp' field which has a different time in it.
If that is the case, there are two options for you, both will take the value for 'log_type' and copy it to @timestamp field at index time.
Either use logstash date filter https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html
or use ES ingest pipeline with date processor: https://www.elastic.co/guide/en/elasticsearch/reference/master/date-processor.html
