Time Diff Calculation in ruby not working

ssasporta · February 10, 2019, 11:23pm

Hi,

What is wrong in the following filter lines that I am not able to find the TimeDiff field in the output?

     date {
           match => [ "Criado em", "dd/MM/yyyy HH:mm:ss", "ISO8601"]
           target => "CreateDate"
     }
     date {
           match => [ "Data de Fechamento", "dd/MM/yyyy HH:mm:ss", "ISO8601"]
           target => "ClosedDate"
     }
     if [ClosedDate] =~ /.+/ {
                              ruby {
                                    init => "require 'time'"
                                    code => "
                                             starttime = Time.iso8601(event.get('CreateDate').to_s).to_f;
                                             endtime   = Time.iso8601(event.get('ClosedDate').to_s).to_f;
                                             event.set('TimeDiff', endtime - starttime);
                                    "
                              }
     }

I can see in the Kibana, in the created index:

ClosedDate September 22nd 2018, 02:00:00.000

CreateDate September 14th 2018, 20:07:39.000

Regards,
Sharon.

Badger · February 10, 2019, 11:37pm

This is a regexp match on a Logstash::TimeStamp object. It does not do what you want, so the ruby filter is not run. You might want

if [ClosedDate] {

system · March 10, 2019, 11:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.