How to convert the hrs and min to sec in the log file item

Elastic Stack Logstash
1

Hi all,

2018-12-18 08:25:56|Info|DEVAPPSVR016|11976|bgtTagger|total tagger time : 0.031 secs
2018-12-18 09:01:06|Debug|DEVAPPSVR016|7944|bgtProtocolAdapter|[tag]
2018-12-18 08:25:56|Stats|DEVAPPSVR016|11976|bgtTagger|canon 0.010 secs
2018-12-18 08:25:56|Stats|DEVAPPSVR016|11976|bgtTagger|canon 0.011 secs
2018-12-18 08:25:56|Info|DEVAPPSVR016|11976|bgtTagger|total tagger time : 0.094 secs
2018-12-18 08:25:56|Stats|DEVAPPSVR016|7944|bgtProtocolAdapter|[tag] 16 mins 23.877 secs
2018-12-18 08:25:56|Stats|DEVAPPSVR016|7944|bgtProtocolAdapter|[tag] 11 hrs 16 mins 23.877 secs
2018-12-19 01:43:30|Warning|DEVAPPSVR016|9996|bgtTagger|invalid document type (ocx) specified in hint, detected (docx) document type

From the above log file details, how can I convert the "11 hrs 16 mins 23.877 secs" to the common term "secs"

Can you suggest me to modify the configuration file for this???

input {
beats {
port => 5044
}
}
filter {
grok{
match => {"message" => "%{TIMESTAMP_ISO8601:logtime}|%{WORD:LOGLEVEL}|%{WORD:MACHINE}|%{WORD:PROCESSID}|%{WORD:SERVICENAME}|%{WORD:PROCESS}\s+%{NUMBER:DURATION:float}\s+%{WORD:UNIT}"}
match => {"message" => "%{TIMESTAMP_ISO8601:logtime}|%{WORD:LOGLEVEL}|%{WORD:MACHINE}|%{WORD:PROCESSID}|%{WORD:SERVICENAME}|[%{WORD:PROCESS}]\s+%{NUMBER:DURATION:float}\s+%{WORD:UNIT}"}
match => {"message" => "%{TIMESTAMP_ISO8601:logtime}|%{WORD:LOGLEVEL}|%{WORD:MACHINE}|%{WORD:PROCESSID}|%{WORD:SERVICENAME}|(?%{WORD} %{WORD} %{WORD})\s+:\s+%{NUMBER:DURATION:float}\s+%{WORD:UNIT}"}
match => {"message" => "%{TIMESTAMP_ISO8601:logtime}|%{WORD:LOGLEVEL}|%{WORD:MACHINE}|%{WORD:PROCESSID}|%{WORD:SERVICENAME}|[%{WORD:PROCESS}]"}
match => {"message" => "%{TIMESTAMP_ISO8601:logtime}|%{WORD:LOGLEVEL}|%{WORD:MACHINE}|%{WORD:PROCESSID}|%{WORD:SERVICENAME}|<%{WORD:PROCESS}>"}
match => {"message" => "%{TIMESTAMP_ISO8601:logtime}|%{WORD:LOGLEVEL}|%{WORD:MACHINE}|%{WORD:PROCESSID}|%{WORD:SERVICENAME}|<%{WORD:PROCESS}>\s+%{NUMBER:DURATION:float}\s+%{WORD:UNIT}"}
match => {"message" => "%{TIMESTAMP_ISO8601:logtime}|%{WORD:LOGLEVEL}|%{WORD:MACHINE}|%{WORD:PROCESSID}|%{WORD:SERVICENAME}|%{GREEDYDATA:MSG}"}
}
date {
match => [ "logtime", "yyyy-MM-dd HH:mm:ss" ]
}

}
output {
elasticsearch{
hosts => "localhost:9200"
manage_template => false
index => "single"
document_type => "test"
}
stdout{codec=>rubydebug}
}

The above is the configuration file I have been running.....

Thanks in advance..

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.