【Logstash】 I want to calculate the difference of field value

yokoyoko · November 6, 2019, 5:28am

Prerequisite

Monitoring server access logs with logstash.

want to do

Calculate the difference between the time field values in the log (end_time-start_time). And I want to add the result to the new field as [support_time].

Log_sample

【Before】
"00001~Product inquiry~2019-11-05 10:00:00~2019-11-05 10:10:00"
( [number)][business_type)][service_start_time)][service_end_time])

【After】
"00001~Product inquiry~2019-11-05 10:00:00~2019-11-05 10:10:00~00:10:00"
([number)][business_type)][service_start_time)][service_end_time][support_time])

Code

# Adding a new field to the access log can be done with "add_field".
# But, The description method of end_time-start_time is not known.

    mutate {
     add_field => {
       "support_time" => "what to write here ?"
     }
    }

Badger · November 6, 2019, 2:37pm

It will not be a mutate filter, you will need to use ruby.

system · December 4, 2019, 2:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.