Hi there,
i want to calculate "event.start" from "event.end" and "event.duration", so a subtraction of "event.end" and "event.duration"
"event.end": "2019-10-15T07:34:14.000Z",
"event.duration": 30, (sec.)
Thereafter, event.duration is to be converted into nanoseconds, ie multiplication * 1000000000.
I've looked at using the ruby plug in but my ruby knowledge is zero
My first attempt is this:
if !([event.duration] == 0) {
mutate {
add_field => {"event.end" => "%{@timestamp}" }
}
ruby {
# init => "require 'time'"
# code => "
# diff = event.get('start_date') - event.get('end_date')
# event.set('timediff') = diff;
# "
code => "event.set('event.duration', event.get('event.duration').to_i * 1000000000))"
}
}
But get the following error message:
[2019-10-15T12:11:05,640][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SyntaxError) (ruby filter code):2: syntax error, unexpected ')'
event.set('event.duration', event.get('event.duration').to_i * 1000000000))
^
Thanks for any help.