[12:54:32] <hashar>	 hi! I have a question about ECS format to log a duration.  From https://doc.wikimedia.org/ecs/#field-event-duration  I have found `event.duration`  which is a duration in nanoseconds of type: long.
[12:55:00] <hashar>	 I got scap to send it using `seconds * 10^9`  and the event is recongized by ElasticSearch as being a number. An example is https://logstash.wikimedia.org/app/discover#/doc/0fade920-6712-11eb-8327-370b46f9e7a5/ecs-1.7.0-5-default-2022.14?id=kzaR-X8BxNOh7eZ4bM4c  which has: `event.duration = 8,803,117,990`
[12:55:20] <hashar>	 which is in nanoseconds but is otherwise a `Number`
[12:55:55] <hashar>	 so I am wondering if there is a field type for a duration so I can potentially write a query that would look for any `event.duration > 1hour` or something similar
[12:58:59] <hashar>	 maybe I am looking for the equivalent of MySQL `TIME` type, but there does not seem to be such a thing in ElasticSearch
[12:59:47] <hashar>	 or I should simply get the Kibana visualization configured to consider `event.duration` to be nanoseconds
[13:03:35] <dcausse>	 hashar: you want a 'duration' data type? I don't think this exists, you should use "long" it supports range queries
[13:04:03] <hashar>	 yeah that is mapped to `long` :]
[13:04:22] <hashar>	 I kind of expected Kibana to show me the event.duration in a human friendly manner when looking at the log entry
[13:04:44] <hashar>	 much like a unix timestamp is shown as a human date
[13:05:09] <hashar>	 but looks like es only knows it is a `long` and thus kibana just format it as a number (the us way with comma separators)
[13:05:20] <hashar>	 dcausse: thx ;)
[13:06:04] <dcausse>	 np, maybe there are ways to make kibana a bit smarter but this idk :/
[13:06:25] <hashar>	 I will first try to craft a visualization :-]