Hi,
I've got a log file with rows like this: Action1 took: 00:00:00.0320605
I would like to parse it and output to elasticsearh.
As far as I know there is no such type like TimeSpan, so I need to convert it to int or float.
I think I've got 2 options here:
How can I achieve this?
You can use a grok filter to extract the hours, minutes, and seconds into separate fields, then use a simple ruby filter to combine them. Untested:
filter {
grok {
match => ["timespan", "%{INT:hours}:%{INT:MINUTES}:%{NUMBER:seconds}"
}
ruby {
code => "
event['elapsed'] = 3600 * event['hours'].to_f + 60 * event['minutes'].to_f + event['seconds'].to_f
"
remove_field => ["hours", "minutes", "seconds"]
}
}© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.