Parsing execution metrics which are represented as TimeSpan

maxcherednik · June 10, 2015, 7:12am

Hi,

I've got a log file with rows like this: Action1 took: 00:00:00.0320605
I would like to parse it and output to elasticsearh.
As far as I know there is no such type like TimeSpan, so I need to convert it to int or float.

I think I've got 2 options here:

Change the logging and print number of seconds as well
Convert the existing TimeSpan to seconds representation using the logstash filters

How can I achieve this?

magnusbaeck · June 10, 2015, 7:30pm

You can use a grok filter to extract the hours, minutes, and seconds into separate fields, then use a simple ruby filter to combine them. Untested:

filter {
  grok {
    match => ["timespan", "%{INT:hours}:%{INT:MINUTES}:%{NUMBER:seconds}"
  }
  ruby {
    code => "
      event['elapsed'] = 3600 * event['hours'].to_f + 60 * event['minutes'].to_f + event['seconds'].to_f
    "
    remove_field => ["hours", "minutes", "seconds"]
  }
}

Topic		Replies	Views
How to parse a TimeSpan value which displays the difference between to timestamps Logstash	8	1024	September 24, 2020
Parsing duration with 00:00:00 format Logstash	7	584	September 28, 2021
Logstash - elapsed seconds to something human-readable Logstash	3	645	November 20, 2019
How to parse a time to process field Logstash	3	516	November 28, 2017
Elapsed.time from Number to Time Logstash	2	551	July 6, 2017

Parsing execution metrics which are represented as TimeSpan

Related topics