How to calculate timediff (in milliseconds) of two fields in the same event

Elastic Stack Logstash
1

My question is similar to the one asked here but i want to be able to get the time difference in milliseconds.

I saw a ruby solution here, but how do i modify the code to give me the difference in milliseconds instead of in seconds.

My date time fields are in the format "09/10/2018 21:59:26.816" i.e. dd/mm/yyyy HH:MM:ss.SSS

2

so i was able to write the code in ruby.

require 'time'

received_at = '09/10/2018 22:07:19.966' 
sent_at = '09/10/2018 22:07:20.509' 

sentrub = (Time.parse(sent_at).to_f)*1000
recirub = (Time.parse(received_at).to_f)*1000

delta = sentrub - recirub

puts sentrub
puts recirub
puts delta

have to find a way of writing/using it in logstash. :grinning::grinning::grinning:

3

Please check if this is of any help to you.

date{
  match => [ "tds_audittimestamp", "UNIX_MS"]
  timezone => "UTC"
  target => "tds_audittimestamp"
}
date{
  match => [ "effective_timestamp", "UNIX_MS"]
  timezone => "UTC"
  target => "effective_timestamp"
}



#Generate end-2-end latency for messages with below criteria only.
if [msg_type] == "ON_MESSAGE" and [msg_status] == "END" and [effective_timestamp] != "null" and [tds_audittimestamp] != "null" {
    ruby {
        init => "require 'time'"
        code => "
            startdatetime   = event.get('effective_timestamp');
            enddatetime     = event.get('tds_audittimestamp');
                                                            timetaken = (enddatetime - startdatetime) rescue nil;
            event.set('latency_seconds_e2e',timetaken);
            "
    }
}
4

Thank you very much @Ganesh_Venkataraman. I had written a similar ruby code here. but it fails with a ruby code exception " ```
Ruby exception occurred: allocator undefined for Float


    	date {
    		match => [ "received_at", "dd/mm/yyyy HH:mm:ss.SSS" ]
    		timezone => "UTC"
    		target => "receivedlogtime"
    	  }
    	  
    	date {
    		match => [ "sent_at", "dd/mm/yyyy HH:mm:ss.SSS" ]
    		timezone => "UTC"
    		target => "sentlogtime"
    	  }
    	  
    	  
    	if [received_at] and [sent_at] {
    		ruby {
    			init => "require 'time'"
    			code => "
    				received_by_finacle   = (Time.parse(event.get('received_at')).to_f)*1000;
    				sent_out_by_finacle   = (Time.parse(event.get('sent_at')).to_f)*1000;
    				timetaken = (sent_out_by_finacle - received_by_finacle) rescue nil;
    				event.set('time_delta',timetaken);
    				event.set('epoch_received_at_in_milliseconds',received_by_finacle);
    				event.set('epoch_sent_at_in_milliseconds',sent_out_by_finacle);
    				"
    				add_tag => [ "calculated_time_difference" ]
    		}
    	}    

Thank you very much
5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.