Hi,
I need help filtering out negative values in the Logstash `if` condition below. The code below calculates the elapsed time. Sometimes I get negative values for elapsed_time. How can I filter out those negative elapsed_time values before the events are sent to Elasticsearch in the output section?
# Parse each log line into timestamp, loglevel, serviceno, service_type,
# process_state and data.
grok {
# NOTE(review): grok documents only `int` and `float` as the coercion suffix;
# `:NUMBER` in %{INT:serviceno:NUMBER} is not one of them. Confirm serviceno
# ends up with the type you expect.
match => {"message" => "^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:loglevel} %{INT:serviceno:NUMBER} --- %{DATA:service_type} : %{WORD:process_state} %{GREEDYDATA:data}"}
# The captured process_state word becomes a tag; the elapsed filter below keys
# on the tags "Initiating" and "EventThread". Because the tag text comes straight
# from log content, a line whose process_state is "gip" or "elapsed" would collide
# with the tags the later conditional tests. Consider a prefix or an allow-list
# if the log source is not fully trusted.
add_tag => [ "%{process_state}" ]
}
# Parse the grok-captured `timestamp` field as ISO8601. With no `target` set the
# date filter writes the result to @timestamp, which is presumably what the
# elapsed filter below subtracts. Verify this if elapsed_time looks wrong.
date {
match => [ "timestamp", "ISO8601"]
}
# Pair a start event (tag "Initiating") with an end event (tag "EventThread")
# that share the same serviceno, and compute the time between them.
elapsed {
unique_id_field => "serviceno"
start_tag => "Initiating"
end_tag => "EventThread"
# true: the elapsed information goes on a separate, newly created event instead
# of being added to the end event.
new_event_on_match => true
# NOTE(review): elapsed_time is the end timestamp minus the start timestamp, so an
# end line whose timestamp is earlier than its start line (out-of-order delivery,
# reused serviceno) would presumably yield a negative value. Confirm against the
# raw logs.
add_tag => ["gip"]
}
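# Runs only for events that carry both the "gip" tag (from the elapsed block's
# add_tag) and the "elapsed" tag.
if "gip" in [tags] and "elapsed" in [tags] {
  aggregate {
    # One aggregation map per serviceno value.
    task_id => "%{serviceno}"
    # The code string is Ruby evaluated with `event` and `map` in scope.
    # `process_state` is not a variable there, so the field is read through the
    # event instead (event.get is the Logstash 5.0+ Event API). elapsed_time is
    # multiplied by 1000 and truncated to an integer; negative values pass
    # through unchanged, nothing here filters them.
    code => "map['report'] = [(event.get('elapsed_time') * 1000).to_i]"
    # NOTE(review): "update" runs the code only when a map already exists for this
    # task_id, and no filter in view creates one. Confirm this is intended.
    map_action => "update"
    end_of_task => true
  }
}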
}
# Ship every event that reaches the output stage to Elasticsearch. There is no
# conditional here, so events with a negative elapsed_time are indexed as well.
output {
elasticsearch {
# "hostname" and "index_name" are placeholders in this post.
# No `user`/`password` or TLS options are set in this snippet. Against a cluster
# with security enabled, supply credentials from the Logstash keystore or an
# environment reference rather than as literals in this file, and enable TLS
# to the cluster.
hosts => ["hostname"]
index => "index_name"
}
}