Get current time using ruby filter in logstash

I need to add a field value for my index as the current time, like an Updated_date column whose value is the current time.
As per the post "Add field timestamp with current time", we need a ruby filter to create a field with the current time.

I am using:
ruby {
  code => "event.set('Updated_date', event.get('@timestamp'))"
}
but I am getting the result as the time the data was inserted into Elasticsearch the first time, not the time after updating the data.
How do I create a ruby filter to get the current time?

So, you have the current timestamp in @timestamp and you want to use that time value to name your indices? I'm not sure I understand.

Your example takes the value from @timestamp and places it in a field called Updated_date. What does your elasticsearch output look like?

I have another column in my index, "amount". I am updating the amount value once or twice a day, so the "Updated_date" column is for getting the last updated time for "amount".
The output of my script is a timestamp: 2017-06-15T09:46:56.415Z

Can you show me the elasticsearch output portion of the pipeline?

I am just printing the required columns in the output section after updating the amount values:
output {
  stdout {
    codec => line { format => "%{amount}|%{updated_date}" }
  }
  elasticsearch {
    hosts => ["localhost:9200"]
    user => "elastic"
    password => "changeme"
    index => "thresholds"
    document_id => "%{issuer_id}"
    doc_as_upsert => "true"
  }
}

Have you tried with action => "update"?

No, I haven't tried. Will action => "update" provide me the current timestamp (after the update) of the record?

I was only able to have a similar feature as what you wanted by creating explicit created_at and updated_at fields:

input { stdin { codec => json } }
filter {
  ruby {
    code => "event.set('updated_date', event.get('@timestamp'))"
  }
}
output {
  elasticsearch {
    action => update
    document_id => "%{my_id}"
    upsert => '{ "document_id": "%{my_id}", "value": "%{value}", "created_at": "%{@timestamp}", "updated_at": "%{@timestamp}" }'
  }
}

This gives me:

{
  "_index": "logstash-2017.06.20",
  "_type": "logs",
  "_id": "hey",
  "_version": 2,
  "found": true,
  "_source": {
    "document_id": "hey",
    "value": 2,
    "created_at": "2017-06-20T14:07:45.868Z",
    "@timestamp": "2017-06-20T14:08:23.229Z",
    "my_id": "hey",
    "@version": "1",
    "host": "Joaos-MBP-5",
    "updated_date": "2017-06-20T14:08:23.229Z"
  }
}

after sending these two events:

{ "my_id": "hey", "value": 1 }
{ "my_id": "hey", "value": 2 }
