Perform date math calculation inside elasticsearch filter plugin

mirkomirko · March 12, 2018, 3:38pm

Hi guys, I'm stucked in trying to perform some date math inside logstash. In particular, for a specific event, I've to query elastic and retrieve all documents that are in a range of 30 minutes from the time written inside a log file.
I.E: date of the event is: 2018-10-02T03:50:000.000Z and I want to search documents that are in a range of +-30minutes.
I try the following inside the filter plugin of elasticsearch, but with no success:
query => "access_time: [%{eventDate}||-30m TO %{eventDate}]"
and this one:
query => "access_time: [%{eventDate}-30m TO %{eventDate}]".
Both does not work. Do you know what is the right syntax?

Thanks in advance!

mirkomirko · March 16, 2018, 4:10pm

Solved by performing date math inside ruby plugin .

system · April 13, 2018, 4:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch.js and Index Date Math Elasticsearch	1	765	December 29, 2016
Finding time difference between two events with in a single batch of logstash Elasticsearch	6	1009	October 7, 2019
How to calculate timestamp difference in logstash config file? Logstash	2	2022	September 9, 2020
Elasticsearch filter plugin does not work as expected Logstash	1	368	April 24, 2019
Elasticsearch filter in logstash = random results Logstash	1	308	December 7, 2021

Perform date math calculation inside elasticsearch filter plugin

Related Topics