Hi Team
I am using logstash v7.8 to extract data from ES v7.8 index and inserting respective records to ES v7.8 index-2.
While doing so , I want to use filter --> mutate --> add_field ==> { "doc_date" => "now-1d" }
How can i achieve "now-1d" with particular date format and timezone in logstash.
Could you please help me ..
Thanks
Tushar Nemade
ruby { code => 'event.set("[date]", Time.at(Time.now.to_i - 86400))' }
will produce
"date" => 2020-10-08T17:55:05.000Z,
"@timestamp" => 2020-10-09T17:55:05.398Z,
You can use strftime if that is not the format you want.
Hello
Thanks Badger for your response.
Could you please help me to understand , how to call this ruby or srftime code in add_filed of mutate filter ..
Thanks
Tushar Nemade
Hello
I understand , below one will be my code with time format. But I am unable to use this in add_filed .. could someone please help me with that ..
ruby { code => "event.set('[date]', Time.at(Time.now.to_i - 86400)).time.strftime('%Y-%m-%d'))" }
Thanks
Tushar Nemade
You do not use add_field or mutate, you use a ruby filter.
Hello
Thanks.
When i am using
code => 'event.set("[curr_date]", Time.at(Time.now.to_i - 86400).time.strftime("%Y-%m-%d"))'
I am getting below error :
[2020-10-10T19:36:02,407][ERROR][logstash.filters.ruby ][main][96fd5f758cc12f0b36825b45c2bde51e89f33542b4a4727e21bf3df9408bfdc4] Ruby exception occurred: undefined method `time' for 2020-10-09 19:36:02 +0530:Time /mnt/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated { "host" => "jes-ext-pd-es-fldapplogs-02", "tags" => [ [0] "_rubyexception" ], "@version" => "1", "@timestamp" => 2020-10-10T14:06:02.288Z, "message" => "" }
Could you please help me to fix this error... I am trying to fix this .. but somewhere syntax error i m doing that is not being captured by me yet ...
Thanks
Tushar Nemade
Finally its working ...
code => 'event.set("[curr_date]", Time.at(Time.now.to_i - 86400).strftime("%Y-%m-%d"))'
Now I want to add timezone ...
Will update in here
I think that should be
Time.at(Time.now.to_i - 86400).strftime("%Y-%m-%d")
Hello
```filter {
ruby {
code => 'event.set("[curr_date]", Time.at(Time.now.to_i - 86400).localtime("+05:30").strftime("%Y-%m-%d %H:%M:%S"))'
}
}```
Output -->
"curr_date" => "2020-10-09 19:49:17"
This is as expected.
Thanks Badger , for your help and support which made this working ...
Much appreciated...
Thanks
Tushar Nemade
Hello Team
From Above i got how to get the curr_date value of time , but how to add this curr_date as field in elasticsearch index -- output one.
could you please help me.
Thanks
Tushar Nemade
can someone please help me
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.