Hello,
I am pretty new to Logstash but am getting the hang of it. I am a total noob with Ruby, however, but I know I am close and just need a little advice from someone. I can't seem to get my code to drop the decimals and can't figure it out. Here is what I have:
if "apache_access" in [tags] {
  grok {
    match => [ "message", "%{HOSTNAME:hostname}:%{POSINT} %{IPORHOST:clientip} (?[a-zA-Z0-9.@-]+) (?[a-zA-Z0-9.@-]+) [%{HTTPDATE:timestamp}] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes:int}|-) %{QS:referrer} %{QS:agent} %{POSINT:sptime:int} %{QS:xforwarded} %{QS:xuuid}" ]
  }
  date {
    match => [ "timestamp","dd/MMM/yyyy:HH:mm:ss Z" ]
    timezone => "America/Chicago"
    locale => "en"
  }
  # Old working code from LS 2
  # ruby {
  #   code => "event['ptime'] = Integer(event['sptime'] * 0.001)"
  # }
  # New code for filebeats
  ruby {
    # code => 'event.set("ptime", event.get("sptime") * 0.001 )'
    code => "event.set('ptime', event.get('sptime') * 0.001)"
  }
}
The code works as far as the math goes; however, I want ptime to be an integer and it is not.
What I get in the logs is: sptime"=>13148 "ptime"=>13.148
I just want ptime to be 13.
Any advice would be greatly appreciated.
Thanks!
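
Added example, not part of the original post: the LS 2 `Integer(...)` truncation carried over to the `event.get` / `event.set` API, with a guard for events where grok did not produce `sptime`. `FakeEvent`, `set_ptime` and the `_ptime_missing` tag are hypothetical names used so the logic runs outside Logstash; inside the filter, only the body of `set_ptime` would go in `code => "..."`.

```ruby
# Stand-in for the Logstash event object (constructed for this example);
# only get/set/tag are modelled.
class FakeEvent
  def initialize(fields)
    @fields = fields
  end

  def get(name)
    @fields[name]
  end

  def set(name, value)
    @fields[name] = value
  end

  def tag(name)
    (@fields['tags'] ||= []) << name
  end
end

# sptime * 0.001 is a Float; Integer() truncates it toward zero, as the
# LS 2 version did. Integer division (sptime / 1000) gives the same result
# for non-negative values without going through a Float.
def set_ptime(event)
  sptime = event.get('sptime')
  unless sptime.is_a?(Integer)
    # grok did not match, so there is nothing to convert; without this
    # guard, nil * 0.001 would raise inside the filter.
    event.tag('_ptime_missing') # hypothetical tag name
    return event
  end
  event.set('ptime', Integer(sptime * 0.001))
  event
end

# Constructed sample events: one parsed, one where grok failed.
ok  = set_ptime(FakeEvent.new('sptime' => 13148))
bad = set_ptime(FakeEvent.new('message' => 'unparsed line'))
puts ok.get('ptime')
puts bad.get('tags').inspect
```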