Rebin
February 8, 2021, 12:55pm
1
Hi All,
Input
"opentime" : "2020-11-01T11:42:59.000Z",
"resolvedtime" : "2020-11-02T22:38:37.000Z",
Code
filter {
date {
match => ["opentime", "ISO8601"]
}
date {
match => ["resolvedtime", "ISO8601"]
}
ruby {
init => "require 'time'"
code => "duration = (event.get('resolvedtime') - event.get('opentime')) rescue nil; event.set('Time_duration', duration); "
}
}
Output
Thanks in Advance
ParashB
February 8, 2021, 3:21pm
2
Hi,
Could you try this please
event.set('duration', event.get('resolvedtime').to_i - event.get('opentime').to_i);
Badger
February 8, 2021, 5:36pm
3
That will set [@timestamp ]. You should use
date { match => ["opentime", "ISO8601"] target => "opentime" }
to overwrite [opentime]. Similarly for [resolvedtime]. Then use .to_i as ParashB pointed out.
Rebin
February 9, 2021, 12:11pm
4
Thanks @Badger and @ParashB . It is working
Rebin
February 9, 2021, 12:44pm
5
Hi @Badger & @ParashB
Now i'm getting in epoch time, is there any way to convert the duration in time format. e.g. hh:mm:ss
So Output would be like below02:21:34
ParashB
February 9, 2021, 2:35pm
6
I hope this would be helpful for you
Convert Elapsed Time to Duration
Rebin
February 9, 2021, 4:49pm
7
Hi,
I'm using Logstash & Elasticsearch and integrating with Grafana. Not using kibana, the above link is using kibana scripted value. I want to convert into date format (HH:MM:SS) in logstash before sending the data to elastic.
Regards,
Badger
February 9, 2021, 5:01pm
8
Use a ruby filter and strftime.
system
March 9, 2021, 5:02pm
9
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.