Hi Team
I am using logstash v7.8 to extract data from ES v7.8 index and inserting respective records to ES v7.8 index-2.
While doing so , I want to use filter --> mutate --> add_field ==> { "doc_date" => "now-1d" }
How can i achieve "now-1d" with particular date format and timezone in logstash.
Could you please help me ..
Thanks
Tushar Nemade
ruby { code => 'event.set("[date]", Time.at(Time.now.to_i - 86400))' }
will produce
"date" => 2020-10-08T17:55:05.000Z,
"@timestamp" => 2020-10-09T17:55:05.398Z,
You can use strftime if that is not the format you want.
Hello
Thanks Badger for your response.
Could you please help me to understand , how to call this ruby or srftime code in add_filed of mutate filter ..
Thanks
Tushar Nemade
Hello
I understand , below one will be my code with time format. But I am unable to use this in add_filed .. could someone please help me with that ..
ruby { code => "event.set('[date]', Time.at(Time.now.to_i - 86400)).time.strftime('%Y-%m-%d'))" }
Thanks
Tushar Nemade
You do not use add_field or mutate, you use a ruby filter.
Hello
Thanks.
When i am using
code => 'event.set("[curr_date]", Time.at(Time.now.to_i - 86400).time.strftime("%Y-%m-%d"))'
I am getting below error :
[2020-10-10T19:36:02,407][ERROR][logstash.filters.ruby ][main][96fd5f758cc12f0b36825b45c2bde51e89f33542b4a4727e21bf3df9408bfdc4] Ruby exception occurred: undefined method `time' for 2020-10-09 19:36:02 +0530:Time /mnt/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated { "host" => "jes-ext-pd-es-fldapplogs-02", "tags" => [ [0] "_rubyexception" ], "@version" => "1", "@timestamp" => 2020-10-10T14:06:02.288Z, "message" => "" }
Could you please help me to fix this error... I am trying to fix this .. but somewhere syntax error i m doing that is not being captured by me yet ...
Thanks
Tushar Nemade
Finally its working ...
code => 'event.set("[curr_date]", Time.at(Time.now.to_i - 86400).strftime("%Y-%m-%d"))'
Now I want to add timezone ...
Will update in here
I think that should be
Time.at(Time.now.to_i - 86400).strftime("%Y-%m-%d")
Hello
```filter {
ruby {
code => 'event.set("[curr_date]", Time.at(Time.now.to_i - 86400).localtime("+05:30").strftime("%Y-%m-%d %H:%M:%S"))'
}
}```
Output -->
"curr_date" => "2020-10-09 19:49:17"
This is as expected.
Thanks Badger , for your help and support which made this working ...
Much appreciated...
Thanks
Tushar Nemade
Hello Team
From Above i got how to get the curr_date value of time , but how to add this curr_date as field in elasticsearch index -- output one.
could you please help me.
Thanks
Tushar Nemade
can someone please help me
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.