使用logstash解析日志文件，下面是发送到elasticsearch的json，如下所示：
对于包含事务开始时间的日志行，我添加了带有记录时间的db\u transaction\u commit\u begin\u time字段。

{
                           "message" => "2015-05-27 10:26:47,048  INFO [T:3 ID:26] (ClassName.java:396) - End committing transaction",
                          "@version" => "1",
                        "@timestamp" => "2015-05-27T15:24:11.594Z",
                              "host" => "test.com",
                              "path" => "/abc/xyz/log.logstash.test",
                "logTimestampString" => "2015-05-27 10:26:47,048",
                          "logLevel" => "INFO",
                        "threadInfo" => "T:3 ID:26",
                             "class" => "ClassName.java",
                              "line" => "396",
                        "logMessage" => "End committing transaction",
    "db_transaction_commit_begin_time" => "2015-05-27 10:26:47,048"
}

对于包含事务结束时间的日志行，我添加了带有记录时间的db\u transaction\u commit\u end\u time字段。

{
                           "message" => "2015-05-27 10:26:47,048  INFO [T:3 ID:26] (ClassName.java:396) - End committing transaction",
                          "@version" => "1",
                        "@timestamp" => "2015-05-27T15:24:11.594Z",
                              "host" => "test.com",
                              "path" => "/abc/xyz/log.logstash.test",
                "logTimestampString" => "2015-05-27 10:26:47,048",
                          "logLevel" => "INFO",
                        "threadInfo" => "T:3 ID:26",
                             "class" => "ClassName.java",
                              "line" => "396",
                        "logMessage" => "End committing transaction",
    "db_transaction_commit_end_time" => "2015-05-27 10:26:47,048"
}

在threadinfo相同的情况下，是否可以计算db transaction的时间（db\u transaction\u commit\u end\u time-db\u transaction\u commit\u begin\u time）？。我知道聚合可能会有帮助，但我是新来的，想不通。
如果我以某种方式计算了db\u事务\u时间并将其存储在一个变量中。我怎样才能在kibana图表中形象化时间？