【Logstash】 I want to calculate the difference of field value

yokoyoko · November 6, 2019, 5:28am

Prerequisite

Monitoring server access logs with logstash.

want to do

Calculate the difference between the time field values in the log (end_time-start_time). And I want to add the result to the new field as [support_time].

Log_sample

【Before】
"00001~Product inquiry~2019-11-05 10:00:00~2019-11-05 10:10:00"
( [number)][business_type)][service_start_time)][service_end_time])

【After】
"00001~Product inquiry~2019-11-05 10:00:00~2019-11-05 10:10:00~00:10:00"
([number)][business_type)][service_start_time)][service_end_time][support_time])

Code

# Adding a new field to the access log can be done with "add_field".
# But, The description method of end_time-start_time is not known.

    mutate {
     add_field => {
       "support_time" => "what to write here ?"
     }
    }

Badger · November 6, 2019, 2:37pm

It will not be a mutate filter, you will need to use ruby.

system · December 4, 2019, 2:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timestamp difference calculation Logstash	6	7115	December 6, 2017
Calculate Date difference in LOGSTASH based on conditional text Logstash	6	1525	June 21, 2017
How to calculate timestamp difference in logstash config file? Logstash	2	2025	September 9, 2020
Get Difference between two date field with ruby filter Logstash	2	6925	September 13, 2017
How to calculate difference between two dates and add to index Logstash	3	2862	July 6, 2017

【Logstash】 I want to calculate the difference of field value

Prerequisite

want to do

Log_sample

Code

Related topics