Ingest node (time) duration processor #39857
Description
Time duration's are often represented as Strings. Elasticsearch uses a simple way to define duration's. This is much simpler then the ISO durations.
This enhancement request is to create a duration processor that can read Elasticsearch's definition of duration's in String form and convert the that to a long type in the time period chosen. This processor would re-use Elasticsearch's time parsing and would be limited in scope to it's support. For example, since Elasticsearch does not currently support fractional duration's, neither would this processor.
An initial use case for this is for use of ingesting Elasticsearch's own logs which can log with duration's defined in this manner. For example, beats currently uses a custom painless script to handle this: https://github.com/elastic/beats/pull/9603/files#diff-0e8149f64b561ec89a4f9a01077b6f25R38. The introduction of this processor would allow for them to remove that custom code.
Future versions may be able to read ISO duration's too, but is out of scope for this request.
For example:
{
"duration": {
"field": "time.spent",
"to_period": "seconds",
"target_field": "time.duration_in_seconds"
}
}
Could convert "1d" -> 86400