How to add Date in mutate add field

tusharnemade · October 9, 2020, 5:06pm

Hi Team

I am using logstash v7.8 to extract data from ES v7.8 index and inserting respective records to ES v7.8 index-2.

While doing so , I want to use filter --> mutate --> add_field ==> { "doc_date" => "now-1d" }

How can i achieve "now-1d" with particular date format and timezone in logstash.

Could you please help me ..

Thanks
Tushar Nemade

Badger · October 9, 2020, 5:58pm

ruby { code => 'event.set("[date]", Time.at(Time.now.to_i - 86400))' }

will produce

      "date" => 2020-10-08T17:55:05.000Z,
"@timestamp" => 2020-10-09T17:55:05.398Z,

You can use strftime if that is not the format you want.

tusharnemade · October 10, 2020, 5:02am

Hello

Thanks Badger for your response.

Could you please help me to understand , how to call this ruby or srftime code in add_filed of mutate filter ..

Thanks
Tushar Nemade

tusharnemade · October 10, 2020, 5:11am

Hello

I understand , below one will be my code with time format. But I am unable to use this in add_filed .. could someone please help me with that ..

ruby { code => "event.set('[date]', Time.at(Time.now.to_i - 86400)).time.strftime('%Y-%m-%d'))" }

Thanks
Tushar Nemade

Badger · October 10, 2020, 1:46pm

You do not use add_field or mutate, you use a ruby filter.

tusharnemade · October 10, 2020, 2:10pm

Hello

Thanks.

When i am using
code => 'event.set("[curr_date]", Time.at(Time.now.to_i - 86400).time.strftime("%Y-%m-%d"))'

I am getting below error :

[2020-10-10T19:36:02,407][ERROR][logstash.filters.ruby ][main][96fd5f758cc12f0b36825b45c2bde51e89f33542b4a4727e21bf3df9408bfdc4] Ruby exception occurred: undefined method `time' for 2020-10-09 19:36:02 +0530:Time /mnt/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated { "host" => "jes-ext-pd-es-fldapplogs-02", "tags" => [ [0] "_rubyexception" ], "@version" => "1", "@timestamp" => 2020-10-10T14:06:02.288Z, "message" => "" }

Could you please help me to fix this error... I am trying to fix this .. but somewhere syntax error i m doing that is not being captured by me yet ...

Thanks
Tushar Nemade

tusharnemade · October 10, 2020, 2:17pm

Finally its working ...

code => 'event.set("[curr_date]", Time.at(Time.now.to_i - 86400).strftime("%Y-%m-%d"))'

Now I want to add timezone ...

Will update in here

Badger · October 10, 2020, 2:21pm

I think that should be

Time.at(Time.now.to_i - 86400).strftime("%Y-%m-%d")

tusharnemade · October 10, 2020, 2:24pm

Hello

```filter {
ruby { 
code => 'event.set("[curr_date]", Time.at(Time.now.to_i - 86400).localtime("+05:30").strftime("%Y-%m-%d %H:%M:%S"))'
}
}```

Output -->

"curr_date" => "2020-10-09 19:49:17"

This is as expected.

Thanks Badger , for your help and support which made this working ...

Much appreciated...

Thanks
Tushar Nemade

tusharnemade · October 14, 2020, 11:15am

Hello Team

From Above i got how to get the curr_date value of time , but how to add this curr_date as field in elasticsearch index -- output one.

could you please help me.

Thanks
Tushar Nemade

tusharnemade · October 15, 2020, 5:46am

can someone please help me

system · November 12, 2020, 5:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.