fIlter by hour given timestamp

Hi,

I have a huge amount of logs and I want to only parse the data between specific hours. In each log I have a all day information and I want to extract the data in specific hours of the day.

I have a timestamp: "@timestamp" wich can be something like : "2017-08-08T09:01:22.000Z" .

In output I tried to do (just a screen printing):

output {
if ["@timestamp", ":%{HH}"]>12 AND ["@timestamp", ":%{HH}"]<01
stdout { codec => rubydebug }
}
}

What is wrong?

Best regards
Nuno

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.