Subtract term X from Y on the same log?

tomer · September 17, 2017, 6:02am

How can I Subtract term X from Y on the same log?
I saw this, but it doesn't do any arithmetical use. (This uses mutate).
I also tried through a scripted field in Kibana but the fields are not saved in ES and I need to later use them.

P.S.
I also tried through the ruby filter:

    event['delay'] = (event['old1']-event['old2'])

but it didnt result with any thing

Help will be greatly appreciated.

tomer · September 17, 2017, 8:44am

Found an answer here:

filter {
  if [received_at] and [@timestamp] {
    ruby {
      init => "require 'time'"
      code => "
        received_by_indexer = Time.iso8601(event['received_at'].to_s).to_i;
        time_in_event = Time.iso8601(event['@timestamp'].to_s).to_i;
        event['time_difference_in_seconds'] = received_by_indexer - time_in_event;
        event['epoch_received_at_in_seconds'] = received_by_indexer;
        event['epoch_timestamp_in_seconds'] = time_in_event;
        "
      add_tag => [ "calculated_time_difference" ]
    }
  }
}

system · October 15, 2017, 8:44am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Ruby filter to subtract difference between two timestamps in single event Logstash	5	26254	July 6, 2017
Query checking difference of two terms in a log Elasticsearch	10	2702	October 3, 2017
How to calculate timediff of two fields in the same event Logstash	3	3682	December 4, 2017
Finding time difference between two events with in a single batch of logstash Elasticsearch	6	1009	October 7, 2019
Subtract @timestamp between two events in Visualize on kibana Kibana	4	621	September 2, 2021

Subtract term X from Y on the same log?

Related Topics