Logstash ruby time difference appends date_time

sai_kiran1 · October 13, 2020, 7:31am

Hello,

Am trying to get the difference between two time fields in my logstash ruby filter and when the difference in ingested to elasticsearch I see date_time appended to the value of the difference. Any possible way we remove date_time string appended to the result field.

My code looks like:

     ruby {
                    init => "require 'time'"
                    code => "duration = (event.get('first_level_handle_time') - event.get('time_first_received')) rescue nil; event.set('first_level_handling_duration', duration/60); "
                    add_tag => ["match"]
               }

and output:

Thanks,
Sai

system · November 10, 2020, 7:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Calculate time difference between two logs with unique ID Logstash	2	3022	May 14, 2017
Logstash Ruby filter to subtract difference between two timestamps in single event Logstash	5	26432	July 6, 2017
Time difference between two fields in a csv using ruby plugin Logstash	3	2642	March 30, 2018
Logstash filter ruby create new event? Logstash	6	2123	July 6, 2017
Time Duration difference calculation in Logstash Logstash	8	2273	March 9, 2021

Logstash ruby time difference appends date_time

Related topics