Get current time using ruby filter in logstash

sachintanpure85 · June 20, 2017, 11:00am

I need to add the filed value for my index as current time. like Updated_date column value as current time.
As reference of post :Add field timestamp with current time
we need ruby filter to create a field with the current time.

I am using :
ruby {
code => "event.set('Updated_date',event.get('@timestamp'));
}
but I am getting the result as the timeof data inserted into elasticsearch first time, not after updating the data .
how to create ruby filter to get the current time ?

jsvd · June 20, 2017, 11:07am

so, you have the current timestamp in @timestamp and you want to use that time value to name your indices? I'm not sure I understand

Your example takes the value from @timestamp and places it in a field called Updated_date. What does your elasticsearch output look like?

sachintanpure85 · June 20, 2017, 11:12am

I have another column in my index as ''amount'' , I am updating the amount value once or a twice a day . so the "Updated_date " column is for getting the last updated time for "amount".
the output of my script is a timestamp : 2017-06-15T09:46:56.415Z

jsvd · June 20, 2017, 11:42am

can you show me the elasticsearch output portion of the pipeline?

sachintanpure85 · June 20, 2017, 12:18pm

I am just printing the required columns in the output section after updating the amount values:
output{
stdout{
codec => line { format => "%{amount}|%{updated_date}"}
}
elasticsearch{
hosts => ["localhost:9200"]
user => "elastic"
password => "changeme"
index => "thresholds"
document_id => "%{issuer_id}"
doc_as_upsert => "true"
}
}

jsvd · June 20, 2017, 1:14pm

have you tried with action => "update" ?

sachintanpure85 · June 20, 2017, 1:27pm

No , I haven't tried. will action => "update" ? provide me the current timestamp(after updation) of the record?

jsvd · June 20, 2017, 2:10pm

I was only able to have a similar feature as what you wanted by creating explicit created_at and updated_at fields:

input { stdin { codec => json } }
filter {
  ruby {
    code => "event.set('updated_date', event.get('@timestamp'))"
  }
}
output {
  elasticsearch {
    action => update
    document_id => "%{my_id}"
    upsert => '{ "document_id": "%{my_id}", "value": "%{value}", "created_at": "%{@timestamp}", "updated_at": "%{@timestamp}" }'
  }
}

jsvd · June 20, 2017, 2:10pm

This gives me as:

{
  "_index": "logstash-2017.06.20",
  "_type": "logs",
  "_id": "hey",
  "_version": 2,
  "found": true,
  "_source": {
    "document_id": "hey",
    "value": 2,
    "created_at": "2017-06-20T14:07:45.868Z",
    "@timestamp": "2017-06-20T14:08:23.229Z",
    "my_id": "hey",
    "@version": "1",
    "host": "Joaos-MBP-5",
    "updated_date": "2017-06-20T14:08:23.229Z"
  }
}

after sending these two events:

{ "my_id": "hey", "value": 1 }
{ "my_id": "hey", "value": 2 }

system · July 18, 2017, 2:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add current timestamp to a logstash_processed_at field Logstash	6	14635	December 29, 2017
Getting timestamp inside timestamp Logstash	13	579	November 10, 2021
Convert field containing a timestamp from string to a date / time or timestamp? Logstash	48	6586	April 6, 2021
Increment @timestamp with a float field Logstash	3	1111	June 12, 2018
Replace @timestamp to time from actual log file Logstash	12	1062	July 7, 2020

Get current time using ruby filter in logstash

Related Topics