If statement to check if difference between two values is greater than number

greengeek · March 28, 2019, 9:09pm

I have two fields that are epoch timestamps. I want to take the first field and subtract the second field. If the results are larger than a certain number, I want to write a value into a new field.

Basically an IF statement something like IF (a - b) > 2592000 #the equivalent to 30 days epoch time
Then write value some text to field.

This is the code I have. I verified that I am getting two values set as integers for the times, but I don't think I have the IF statement correct and/or the THEN write statement.

ruby {    
	code => "
		event.set('date_plugin_mod_epoch', event.get('plugin_modification_date').to_i)  
		event.set('date_add_epoch', event.get('@timestamp').to_i)
		if (event.get('date_add_epoch') - event.get('date_plugin_mod_epoch')) > 2592000
			event.set('past_due', 'Past Due')
		end"  
}

Any suggestions please? Thanks!

Badger · March 29, 2019, 12:53pm

That code works just fine for me provided that plugin_modification_date is a Logstash::Timestamp. Although I would write it as

        code => "
            date_plugin_mod_epoch = event.get('plugin_modification_date').to_i
            date_add_epoch = event.get('@timestamp').to_i
            if date_add_epoch - date_plugin_mod_epoch > 2592000
                event.set('past_due', 'Past Due')
            end
        "

{
    "plugin_modification_date" => 2019-02-27T16:23:12.000Z,
                  "@timestamp" => 2019-03-29T12:50:56.230Z,
                         "foo" => "2019/02/27 11:23:12", [...]
}
{
    "plugin_modification_date" => 2019-02-26T16:23:12.000Z,
                  "@timestamp" => 2019-03-29T12:51:02.205Z,
                         "foo" => "2019/02/26 11:23:12",
                    "past_due" => "Past Due", [...]
}

What exactly do your two "epoch timestamps" look like.

greengeek · March 29, 2019, 3:00pm

Thank you for your response. My epoch timestamps look like this, 1553871497 and 1518533837 as an example. They are in unix epoch time format.

Badger · March 29, 2019, 4:19pm

OK, your code works just fine with that format too.

greengeek · March 29, 2019, 5:00pm

Strange that I cannot get my code to work. I am going to try your example as it looks far better. I like how you set the values to variables, instead of how i set them to fields then had to remove them after.

Badger · March 29, 2019, 5:06pm

I suggest you calculate the difference and save that to a field. Maybe it will make you see something that you are missing.

system · April 26, 2019, 5:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Compare Dates in Logstash Pipeline Logstash	5	2546	October 21, 2020
Timestamp difference calculation Logstash	6	7115	December 6, 2017
IF less than value is not working Logstash	8	957	November 4, 2019
Logstash issue Logstash	2	284	March 14, 2023
How to compare 2 numerical field values with each other? Logstash	2	407	August 1, 2019

If statement to check if difference between two values is greater than number

Related topics