I have a question, I’m currently graphing avg of apache response time.
My value looks like :
avg(response_time_ms) = 609.5384615384615
is there a way to configure it to not report something like :
avg(response_time_ms) = 609
My grok pattern for this field is %{NUMBER:response_time;int} and then I have a
Pipeline converting the value to ms :
rule "millieconds to microseconds"
when
has_field("response_time")
then
let response_time_ms = to_long($message.response_time) / 1000;
set_field("response_time_ms", response_time_ms);
end
You copy only the NUMBERS from the messages. You should ide float, long, etc.
At the pipeline you DEVIDE the number. ??? What is you goal? 609/1000= 0.609. so you convert millisec to sec.
If you loosed the data (microsec part of your response time you cant got it back.
You try to fill the information to an intiger field. ??? A long to integer. In a better situation you got 0. In worse you loose your message, because elasticsearch cant handle it.
So I suggest sit down, and think about your goals.
we log apache2 request with parameter %D which is micro seconds I want to convert to millisec. Example was wrong sorry.
Proper value is like : 405118
which in ms is more readable : 405,118
You are right I want to do something like this :
rule "microseconds to milliseconds"
when
has_field("response_time")
then
let response_time_ms = $message.response_time / 1000;
set_field("response_time_ms", response_time_ms);
end
but this syntax is wrong. I don’t know how to write it. To have some example ?
I don’t have same problem, my value is correctly converted for example from 405118 ms to 405 seconds, and graphed correctly. Please send example of graph…
