I have filed TIME field and I would like to convert HHmmss to only Seconds.
e.g.
I would like to have a new field in which I can convert the duration to only Seconds with the formula (like [HOUR60 60 + MINUTE*60 + SECOND] )
I tried#mutate { add_field => {"xfbTransferDuration" => [HOUR60 60 + MINUTE*60 + SECOND] }}
But this does not work.
What is the possible to way to get the TIME in Seconds.
Input String: : CFTU20I Session active for 0:00:00
eperry
June 17, 2015, 7:19am
2
I think the solition for what you want to do is the ruby filter, but I don't have much experience in using it.
I find that the mutate filter is limited and every solution about "caculations' say to go to the ruby.
Hi,https://groups.google.com/forum/#!topic/logstash-users/iEYRv7bCqdM
I have searched the google groups of logstash and found a post asking almost the same kind of functionality. The proposed solution is as below
filter {
if [sendout_count] and [transport_time] {
ruby {
code => "event['per_sendout_transport_time'] = event['transport_time'] / event['sendout_count']"
}
}
}
In your example, i think , you can approach this as follows
filter {
if [HOUR] and [MINUTE] and [SECOND] {
ruby {
code => "event['timeInSeconds'] = event['HOUR']*3600+event['MINUTE']*60+event['SECOND']"
}
}
}
That way, you can get a field named > timeInSeconds. Hope this helps
2 Likes