Discuss the Elastic Stack

Hot to get a duration value extracted from field message into an new field

Elastic Stack Elasticsearch

sklein (Klein) February 28, 2018, 4:22pm 1

I am hardly trying to extract the Duration value (in the example below: 10.400) using grok and to create a field Conference_duration.

The reason for the extraction is that I would like to summarize it or to receive an avarage value based on a specific timeframe

Any idea how to do this? I am done

<134>Feb 27 21:58:03.439 xxxxnode01 2018-02-27 21:58:03,439 Level="INFO" Name="administrator.conference" Message="Conference has been stopped." Conference="Heinz VMR" Service-tag="" Service-type="conference" Duration="10.400"

eperry (Ed) February 28, 2018, 9:50pm 2

what is the grok statement you have created to parse the data?

you can test your parsing at https://grokdebug.herokuapp.com/

system (system) Closed March 28, 2018, 9:51pm 3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Elastic Search output piping similar to splunk Elasticsearch	1	488	March 28, 2018
Groking duration Logstash	4	319	April 26, 2018
Help to create new field from message Logstash	2	313	February 20, 2023
Search time field extraction Elasticsearch	2	1982	July 6, 2017
How to extract a field from message and create a visualization? Kibana	2	2787	February 14, 2019

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.