Elapsed filter error

il.bert · September 21, 2016, 2:00pm

Hi everybody, I'm trying to use the elapsed filter but I think it has a bug

this is my -cleaned- result

"@timestamp": "2016-09-20T01:52:21.000Z",
"tags": [
  "elapsed",
  "elapsed_match"
],
"elapsed_time": 128143.655,
"elapsed_timestamp_start": "2016-09-20T01:51:18.000Z"

as you can see between the two timestamps only 66s passed
instead the result is 128143 which are actually the seconds between the start_event timestamp and the submission of the end_event

both the events were submitted to logstash at 21 Sep 2016 13:27:01 GMT in a single block

It seems to me that it is using the timestamp of the start_event (correct) but the submission time of the end_event (wrong) I expect it to use the timestamp in both of them. Why is it having such a strange behavior?

il.bert · September 21, 2016, 2:22pm

my fault

i was actually applying elapsed filter after changing the timestamp of the event with the one I parse

Topic		Replies	Views
Help with elapsed time Logstash	6	3294	July 6, 2017
Elapsed filter inquiry Logstash	5	927	July 31, 2017
Elapsed time filter is not calculating the time correctly Logstash	3	609	November 9, 2021
Elapsed filter. Broken? Logstash	2	608	April 28, 2017
Logstash Elapsed filter Logstash	1	162	December 8, 2020

Elapsed filter error

Related topics