Hi,
We have some log files which is dynamic in pattern. We would like to filter the logdate field as, whenver the value is null, then that value should be equal to current timestamp less 6hrs.
In sql, its the same as
ISNULL(logdate,dateadd(hour,logdate,6))
I would like to know how can i accomplish this.
TIA
Nver mind. The workaround we did is to use ruby filter. See below.
ruby {
init => "require 'time'"
code => "event.set('logdate', Time.now() - 6*60*60);"
}© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.