Hi,
I have field that stores a timestamp and a filed with processing time in milliseconds.
I want to write a filter that adds the preocessing time to the timestamp and create another field the stores the completed timestamp.
Thanks.
And the timestamp you currently have has second resolution (rather than millisecond resolution)? Create a new field that concatenates the two field values and pass that field to a date filter.
mutate {
add_field => {
"new-timestamp" => "%{old-timestamp} %{milliseconds}"
}
}
date {
match => ["new-timestamp", "date pattern that matches your data"]
}
This example stores the resulting timestamp in @timestamp. The date filter's target option can change that.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.