Time Duration difference calculation in Logstash

Rebin · February 8, 2021, 12:56pm

Hi All,
i'm trying to calculate the time difference between 2 dates. I'm capturing the data through jdbc

Input

"opentime" : "2020-11-01T11:42:59.000Z",
"resolvedtime" : "2020-11-02T22:38:37.000Z",

Code

filter {
date {
     match => ["opentime", "ISO8601"]
    }
date {
     match => ["resolvedtime", "ISO8601"]
      }

ruby {
     init => "require 'time'"
     code => "duration = (event.get('resolvedtime') - event.get('opentime')) rescue nil; event.set('Time_duration', duration); "
}
}

Output
Time_duration: null

Thanks in Advance

ParashB · February 8, 2021, 3:21pm

Hi,

Could you try this please

event.set('duration', event.get('resolvedtime').to_i - event.get('opentime').to_i);

Badger · February 9, 2021, 12:11pm

That will set [@timestamp]. You should use

date { match => ["opentime", "ISO8601"] target => "opentime" }

to overwrite [opentime]. Similarly for [resolvedtime]. Then use .to_i as ParashB pointed out.

Rebin · February 9, 2021, 12:11pm

Thanks @Badger and @ParashB . It is working

Rebin · February 9, 2021, 12:44pm

Hi @Badger & @ParashB

Now i'm getting in epoch time, is there any way to convert the duration in time format. e.g. hh:mm:ss

So Output would be like below
02:21:34

ParashB · February 9, 2021, 2:35pm

I hope this would be helpful for you

Convert Elapsed Time to Duration

Rebin · February 9, 2021, 4:49pm

Hi,

I'm using Logstash & Elasticsearch and integrating with Grafana. Not using kibana, the above link is using kibana scripted value. I want to convert into date format (HH:MM:SS) in logstash before sending the data to elastic.

Regards,

Badger · February 9, 2021, 5:01pm

Use a ruby filter and strftime.