Logstash filter issue

Elastic Stack Logstash
1

Hi team,

I am using logstash filter to get the duration between two dates.

StartDate =2023-05-23T 10:25:53.123Z
EndDate =2023-05-23T 18:25:43.123Z
using the code below:--

            match => [ "Start Date", "ISO8601" ]
            target => "start_date"
        }
date {
            match => [ "End Date", "ISO8601" ]
            target => "end_date"
        }
        

ruby {
      init => "require 'time' "
      Code=> "event.set('duration', event.get('end_date').to_f - event.get('start_date').to_f )
 "
  }

In one machine it's showing proper output in second as (ex-34526.234) but in another machine for same code it's showing (1243678889.788) 10 digit output .

Is it the issue of time in Date filter?
Or any other issue?

Any help would be thankful.

2

If the StartDate field is missing then you will just get the result of parsing EndDate, which in recent years would be a 10-digit number.

3

Thanks burger , but I have checked both dates are present in the ingested data.

4

If you showed us a sample event using output { stdout { codec => rubydebug } } we might be able to work it out.

5

Hi burger,
In the output part I am using like this

 Output {

   Elasticsearch {
          I'd => "main_es" 
          Host=> ["localhost:9200"]
           
          index => "%{[@metadata][indexname]}"
          I'd => "%{I'd}"
         sniffing=true
         action= update
         doc_as_upcert=> true

}
}
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.