Converting epoch time to date in logstash using ruby filter

∥☆過路亽.° 提交于 2019-12-11 17:25:55

问题


I have a field name "timestamp" in my configuration. It holds an array of data in epoch time (miliseconds). I want to use Ruby filter to convert each epoch time in the array and convert into Date format consumable by Kibana. I am trying to convert each date field and store in a new field as an array. I am getting syntax errors. Can anyone help me out ? I am new to Ruby.

ruby {
code => {'
event.get("timestamp").each do |x| {    
event["timestamp1"] = Time.at(x)
    } 
'}
}

回答1:


I don't know about logstash, but the Ruby code you include within quotes is invalid. Try this:

ruby {
  code => {'
    event.get("timestamp").each { |x| event["timestamp1"] = Time.at(x) } 
'}
}

If you intend your timestamp key to increment, then you need to include an index:

ruby {
  code => {'
    event.get("timestamp").each_with_index { |x, i| event["timestamp#{i}"] = Time.at(x) } 
'}
}



回答2:


//This will take an timestamp array with values in milliseconds from epoch time and create a new field with parsed time. This code is part of ruby filter Note : This does not convert into Date field format

code => '
    timestamps = Array.new
    event.get("timestamp").each_with_index { |x, i| 
    timestamps.push(Time.at(x.to_i / 1000)) }
    event.set( "timestamp1" , timestamps)
  '


来源:https://stackoverflow.com/questions/48934845/converting-epoch-time-to-date-in-logstash-using-ruby-filter

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!