Time Diff Calculation in ruby not working

ssasporta · February 10, 2019, 11:23pm

Hi,

What is wrong in the following filter lines that I am not able to find the TimeDiff field in the output?

     date {
           match => [ "Criado em", "dd/MM/yyyy HH:mm:ss", "ISO8601"]
           target => "CreateDate"
     }
     date {
           match => [ "Data de Fechamento", "dd/MM/yyyy HH:mm:ss", "ISO8601"]
           target => "ClosedDate"
     }
     if [ClosedDate] =~ /.+/ {
                              ruby {
                                    init => "require 'time'"
                                    code => "
                                             starttime = Time.iso8601(event.get('CreateDate').to_s).to_f;
                                             endtime   = Time.iso8601(event.get('ClosedDate').to_s).to_f;
                                             event.set('TimeDiff', endtime - starttime);
                                    "
                              }
     }

I can see in the Kibana, in the created index:

ClosedDate September 22nd 2018, 02:00:00.000

CreateDate September 14th 2018, 20:07:39.000

Regards,
Sharon.

Badger · February 10, 2019, 11:37pm

This is a regexp match on a Logstash::TimeStamp object. It does not do what you want, so the ruby filter is not run. You might want

if [ClosedDate] {

system · March 10, 2019, 11:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Get Difference between two date field with ruby filter Logstash	2	6925	September 13, 2017
Logstash date filter not working Logstash	1	288	March 21, 2019
Timestamp difference calculation Logstash	6	7115	December 6, 2017
Logstash date filter conversion Logstash	1	230	March 21, 2019
Logstash issue Logstash	2	284	March 14, 2023

Time Diff Calculation in ruby not working

Related topics