Extract hour and weekday from custom date time field

For extracting hour and weekday from the Activity-Time field, the Logstash snippet is as below:

    date {
      match => [ "Activity-Time", "yyyy-MM-dd HH:mm:ss" ]
      target => "Activity-Time-New"
      add_field => {"hour" => "%{+HH}"}
      add_field => {"weekday" => "%{+EEE}"}
    }

But by default it takes UTC time only, the @timestamp one. Can you please guide me on what else is required, as I need to extract hour and weekday from Activity-Time? Below is its format, and I have attached a Kibana snapshot.

2020-06-03 03:30:50

This might help:

and I think that you need to write .time.localtime if you don't want to use UTC for the hour and weekday, but your local timezone.

@Jenni Please check the code below. Where am I going wrong? Please guide.

    ruby {
      code => "event.set('read_time' , event.get('Activity-Time').time.localtime.strftime('%Y-%m-%d %H:%M:%S'))"
    }

    date {
      #match => [ "Activity-Time", "yyyy-MM-dd HH:mm:ss" ]
      #target => "Activity-Time-New"
      add_field => {"hour" => "%{+HH}"}
      add_field => {"weekday" => "%{+EEE}"}
    }

I hope there is now no need for the match and target rows. Please check whether the syntax is correct, as it is still not working; there is something wrong. Please guide.

What I meant is that you should use the Timestamp object (in the field Activity-Time-New) that you had already created with your date filter, and then use strftime in ruby to create the two additional fields based on that instead of using add_field => ….

@Jenni I tried the same, but I am still getting UTC time and weekday, not the local one. Please guide me on where I am making the mistake in the code, syntax-wise:

    date {
      match => [ "Activity-Time", "yyyy-MM-dd HH:mm:ss" ]
      target => "Activity-Time-New"
    }

    ruby {
      code => "event.set('read_time' , event.get('Activity-Time-New').time.localtime.strftime('%Y-%m-%d %H:%M:%S'))"
      add_field => {"hour" => "%{+HH}"}
      add_field => {"weekday" => "%{+EEE}"}
    }

I meant …strftime('%a') and …strftime('%H') so you could create the two fields with two lines of ruby code.
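Added example, not part of the original thread: a standalone Ruby script that reproduces the conversion discussed above, showing how the hour and weekday differ when they are derived from the stored UTC instant versus the local time. The +05:30 offset and the helper names are assumptions; the thread does not state the source timezone.

```ruby
require 'time'

# Constructed sample: the Activity-Time value from the thread, plus an
# assumed source offset (the thread does not say which timezone applies).
SAMPLE_ACTIVITY_TIME = '2020-06-03 03:30:50'
ASSUMED_OFFSET = '+05:30'

# Stand-in for the date filter's target field: the wall-clock string is
# read in the source timezone and kept as a UTC instant.
def parse_activity_time(str, offset)
  Time.strptime("#{str} #{offset}", '%Y-%m-%d %H:%M:%S %z').utc
end

# Derive hour and weekday from the stored instant, once as UTC and once in
# the local offset. Inside a Logstash ruby filter the local variant is:
#   t = event.get('Activity-Time-New').time.localtime
#   event.set('hour', t.strftime('%H'))
#   event.set('weekday', t.strftime('%a'))
# where localtime without an argument uses the Logstash host's timezone.
def hour_and_weekday(utc_instant, offset)
  local = utc_instant.getlocal(offset)
  {
    'utc'   => { 'hour' => utc_instant.strftime('%H'),
                 'weekday' => utc_instant.strftime('%a') },
    'local' => { 'hour' => local.strftime('%H'),
                 'weekday' => local.strftime('%a') }
  }
end

# Returns nil for a value that does not match the expected format, so the
# caller can skip the derived fields instead of raising mid-pipeline.
def fields_for(str, offset)
  hour_and_weekday(parse_activity_time(str, offset), offset)
rescue ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  result = fields_for(SAMPLE_ACTIVITY_TIME, ASSUMED_OFFSET)
  puts "UTC-derived:   #{result['utc']}"
  puts "local-derived: #{result['local']}"
end
```

With this sample the UTC-derived fields land on the previous day, which is why time-of-day and weekday breakdowns built from UTC values can put events in the wrong bucket.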
