How to convert the apache response time in Logstash?

marco2005 · June 3, 2020, 10:07am

I was able to parse the apache log with the response time using the below grok pattern:

filter {
            grok {
                match => [
                    "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields} %{NUMBER:rt_seconds}/%{NUMBER:rt_microseconds}"
                ]
            }
            if ("&" in [request]) {
                grok {
                    match => ["request", "%{DATA:script_name}\?%{GREEDYDATA:script_kv}"]
                }
                kv {
                    source => "script_kv"
                    field_split => "&"
                    value_split => "="
                    remove_char_key => "_"
                    prefix => "query_string_"
                }
                mutate {
                    remove_field => [ "request" ]
                    remove_field => [ "script_kv" ]
                }
         }
       mutate {
                convert => ["response", "integer"]
                convert => ["bytes", "integer"]
                convert => ["rt_seconds", "integer"]
                convert => ["rt_microseconds", "integer"]
            }
}

When I see the type of the rt_*, it still shows as string ? But for response and bytes it shows as a NUMBER. How to fix it ?

system · July 1, 2020, 10:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to extract response and key-values value from response time string of apache logs Logstash	2	467	July 2, 2021
Responsetime doesnt come in JSON object in case of %{COMMONAPACHELOG}" Logstash	6	1273	July 6, 2017
How to parse apache error.log Logstash	3	364	April 25, 2022
Help with converting timestamp Logstash	3	526	July 12, 2017
Logstash ruby convert seconds to milliseconds Logstash	3	2481	October 25, 2017

How to convert the apache response time in Logstash?

Related topics