Logstash grok hour and minute ruby

Cristiane_Marcarini · December 28, 2020, 11:16am

Hi,
I have a grok and I don't want to change it, but I wanted to have the hour and minutes separate, it could be using Ruby, something like that.
Thanks

else if "performanceLog" in [path]
{
grok
{
match => {"message" => "(?%{YEAR:year}/%{MONTHNUM:month}/%{MONTHDAY:day}-%{TIME:date}) | %{USERNAME:username} | %{DATA:balcao} | %{DATA:server} | (%{DATA:transaction} | %{BASE10NUM:time}|%{GREEDYDATA:message})" }
overwrite => [ "message" ]
}
}
grok
{
break_on_match => false
match => {"path" => "(%{GREEDYDATA}/%{DATA:filename}_%{GREEDYDATA}.txt)|%{GREEDYDATA}"}
match => {"message" => "(?[\S]*Exception:)"}
}
mutate
{
add_field => {"logDate" => "%{year}-%{month}-%{day} %{date}"}
convert => {
"time" => "integer"
"conexoes" => "integer"
"ELKValue" => "integer"

		}
	}
	ruby 
	{
		 code => 'event.set("timeGroup", ((event.get("time").to_f / 5).ceil) * 5)'
	}
	date 
	{
		match 	=> ["logDate", "yyyy-MM-dd HH:mm:ss.SSS"]
		target 	=> "@timestamp"
	}

system · January 25, 2021, 11:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.