I have a bit of a problem here - I'm receiving via syslog some data including uptime/downtime periods in format "HHhr:MMmin:SSsec".
There's no problem parsing it in an object like "downtime.<hr/min/sec>", but how do I use it as time units for further aggregations/calculations (for example - total downtime for 24 hours)?
A little example just to clarify:
Data: *blabla* was down for 23hrs:59mins:57sec
Pattern: %{NUMBER:f5_downtime.hr}[a-z]*:%{NUMBER:f5_downtime.mins}[a-z]*:%{NUMBER:f5_downtime.secs}[a-z]*
I would use a ruby filter to convert them all to seconds and sum them:
ruby {
  code => '
    # Convert the parsed hr/mins/secs fields to one value in seconds.
    # A missing field comes back as nil, and nil.to_i is 0, so it adds nothing.
    hrs  = event.get("f5_downtime.hr").to_i
    mins = event.get("f5_downtime.mins").to_i
    secs = event.get("f5_downtime.secs").to_i
    event.set("f5_downtime.total", hrs * 3600 + mins * 60 + secs)
  '
}
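The same conversion as plain Ruby, carried through to the 24-hour total asked about in the question. This is an added example, not code from the thread: the function names, the 59 upper bound on minutes and seconds, and the sample events are assumptions made for illustration.

```ruby
require "time"

# "HHhr:MMmin:SSsec" as in the thread; the unit suffix may be singular or plural.
DURATION_RE = /(\d+)hrs?:(\d+)mins?:(\d+)secs?/

# Returns the duration in seconds, or nil when the message carries no
# duration or its minutes/seconds field is out of range (assumed max 59).
def downtime_seconds(message)
  m = DURATION_RE.match(message)
  return nil unless m
  hrs, mins, secs = m.captures.map(&:to_i)
  return nil if mins > 59 || secs > 59
  hrs * 3600 + mins * 60 + secs
end

# Sums downtime over events logged within window_secs before `now`.
# Events without a usable duration count as 0 instead of aborting the sum.
def total_downtime(events, now, window_secs = 86_400)
  events.sum do |timestamp, message|
    age = now - Time.parse(timestamp)
    next 0 unless age >= 0 && age < window_secs
    downtime_seconds(message) || 0
  end
end

# Constructed sample events (timestamp, message text); not real device output.
SAMPLE_EVENTS = [
  ["2024-05-01T08:00:00Z", "member A was down for 23hrs:59mins:57sec"], # outside window
  ["2024-05-02T01:30:00Z", "member B was down for 0hr:05min:30sec"],
  ["2024-05-02T02:00:00Z", "member C was down for 1hr:75mins:00sec"],   # malformed
  ["2024-05-02T03:00:00Z", "member D is up"],                           # no duration
  ["2024-05-02T06:00:00Z", "member E was down for 01hr:00min:09sec"]
].freeze

NOW = Time.parse("2024-05-02T09:00:00Z")
puts total_downtime(SAMPLE_EVENTS, NOW)
```

Storing the per-event value as a numeric seconds field is what lets a sum aggregation over a time range produce the same total on the search side.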