Logstash event @timestamp adjustment

Stefan_Sabolowitsch · October 15, 2019, 10:13am

Hi there,
i want to calculate "event.start" from "event.end" and "event.duration", so a subtraction of "event.end" and "event.duration"

"event.end": "2019-10-15T07:34:14.000Z",
"event.duration": 30, (sec.)

Thereafter, event.duration is to be converted into nanoseconds, ie multiplication * 1000000000.
I've looked at using the ruby plug in but my ruby knowledge is zero

My first attempt is this:


if !([event.duration] == 0) {
	mutate	{
		add_field => {"event.end" => "%{@timestamp}" }
			}
			ruby {
#				    init => "require 'time'"
#  					code => "
#    						diff = event.get('start_date') - event.get('end_date')
#    						event.set('timediff') = diff;
#    						"
						code => "event.set('event.duration', event.get('event.duration').to_i * 1000000000))"	
			}
		}

But get the following error message:


[2019-10-15T12:11:05,640][ERROR][org.logstash.Logstash    ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SyntaxError) (ruby filter code):2: syntax error, unexpected ')'
 event.set('event.duration', event.get('event.duration').to_i * 1000000000)) 
                                                                           ^

Thanks for any help.

Badger · October 15, 2019, 2:50pm

Remove one of the ) at the end of the code option.

system · November 12, 2019, 2:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash : How to compute endDate from startDate + duration Logstash	3	966	February 13, 2017
Duration calculation failing Logstash	2	207	March 21, 2019
Logstash filter ruby create new event? Logstash	6	2081	July 6, 2017
Event time adjustment Logstash	1	441	July 6, 2017
Help to calculate start time from disconnection time and session time Logstash	8	2620	July 6, 2017

Logstash event @timestamp adjustment

Related topics