Discuss the Elastic Stack

Hot to get a duration value extracted from field message into an new field

Elastic Stack Elasticsearch

sklein (Klein) February 28, 2018, 4:22pm 1

I am hardly trying to extract the Duration value (in the example below: 10.400) using grok and to create a field Conference_duration.

The reason for the extraction is that I would like to summarize it or to receive an avarage value based on a specific timeframe

Any idea how to do this? I am done

<134>Feb 27 21:58:03.439 xxxxnode01 2018-02-27 21:58:03,439 Level="INFO" Name="administrator.conference" Message="Conference has been stopped." Conference="Heinz VMR" Service-tag="" Service-type="conference" Duration="10.400"

eperry (Ed) February 28, 2018, 9:50pm 2

what is the grok statement you have created to parse the data?

you can test your parsing at https://grokdebug.herokuapp.com/

system (system) Closed March 28, 2018, 9:51pm 3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.