Hello,
I am trying to get the difference between two time fields in my Logstash ruby filter, and when the difference is ingested into Elasticsearch I see date_time appended to the value of the difference. Is there any possible way we can remove the date_time string appended to the result field?
My code looks like:
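ruby {
  init => "require 'time'"
  # Subtract the two time fields; duration is nil if either field is missing or the subtraction fails.
  # Only set the result field when a duration was computed, so nil is never divided by 60.
  code => "duration = (event.get('first_level_handle_time') - event.get('time_first_received')) rescue nil; event.set('first_level_handling_duration', duration / 60) unless duration.nil?"
  add_tag => ["match"]
}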
and output:
Thanks,
Sai