Hi,
I am using ELK GA 5.0.0. I have a time entry like 06:52:02 and a delay entry (in seconds) like 1.016. I want to push another attribure to elasticsearch, by subtracting seconds from timefield, say 06:52:01 in this case. Is this possible?
Thank you.
With a ruby filter you could.
I don't know ruby, but if you have a search through the posts here you will find similar threads with examples.
Neither do I know ruby 
It will be really helpful if someone like @magnusbaeck or @theuntergeek or @Christian_Dahlqvist look into it
Please don't ping other people like that, if you aren't willing to do a search and spend some time, why would they provide you a direct answer?
We do like to help, but you need to help yourself as well.
You're welcome.. 'll try myself..
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
