Rounding in Pipelines

nick · July 20, 2020, 12:52pm

I don’t think Graylog has a Function for providing rounding of numbers.

I’ve attempted instead a horrible workaround but the substring part of the rule appears to be ignored.

Anyone see why?

I’m expecting something in the format 00.00


when

has_field("metricbeat_system_uptime_duration_ms")

then

//Maths

let time_ms = to_double($message.metricbeat_system_uptime_duration_ms);
let time_mins = time_ms / 60000.00;
let time_hours = time_mins / 60.00;
let time_days = time_hours / 24.00;


//Round Numbers

substring(to_string(time_days),0,4);
to_double(time_days);

//Create and set new fields

set_field("metricbeat_system_uptime_duration_mins", time_mins);
set_field("metricbeat_system_uptime_duration_hours", time_hours);
set_field("metricbeat_system_uptime_duration_days", time_days);

end

shoothub · July 22, 2020, 9:19am

I’ve already helped with similar problem, it can also work for you, please check my previous post:

nick · July 23, 2020, 9:50am

parse_unix_milliseconds requires a value of milliseconds since 1970. My input is just a count of milliseconds the server has been up.

Your code calculates the current hour, minute, second of a date.

I’m looking to convert ms into days, minutes, hours to two decimal places - not a date.

nick · July 23, 2020, 12:12pm

Fixed

when

has_field("metricbeat_system_uptime_duration_ms")

then

//Maths

let time_ms = to_double($message.metricbeat_system_uptime_duration_ms);
let time_mins = time_ms / 60000.00;
let time_hours = time_mins / 60.00;
let time_days = time_hours / 24.00;

//Round Numbers

let time_days = to_double(substring(to_string(time_days),0,5));

//Create and set new fields

set_field("metricbeat_system_uptime_duration_mins", time_mins);
set_field("metricbeat_system_uptime_duration_hours", time_hours);
set_field("metricbeat_system_uptime_duration_days", time_days);

end

nick · July 23, 2020, 3:58pm

Just to complete this, if you want to deal with having an unknown number of minutes but always two decimal places you can replace the Round Numbers line with the code below.

The code above always grabbed 5 characters which only works in the format xx.xx and not xxx.xx or anything above this.

//Round Numbers

let time_mins_split = split("\\.", to_string(time_mins)); //split mins by .
let time_mins1 = concat(to_string(time_mins_split[0]), "."); //minutes & .
let time_mins = to_double(concat(to_string(time_mins1), (substring(to_string(time_mins_split[1]), 0,2))));

let time_hours_split = split("\\.", to_string(time_hours)); //split hours by .
let time_hours1 = concat(to_string(time_hours_split[0]), "."); //hours & .
let time_hours = to_double(concat(to_string(time_hours1), (substring(to_string(time_hours_split[1]), 0,2))));

let time_days_split = split("\\.", to_string(time_days)); //split days by .
let time_days1 = concat(to_string(time_days_split[0]), "."); //days & .
let time_days = to_double(concat(to_string(time_days1), (substring(to_string(time_days_split[1]), 0,2))));

nick · July 28, 2020, 10:45am

Its worth noting that this still doesn’t round numbers, it just splits them to two decimal places.

0.567 will be 0.56 rather than the correct 0.57

system · August 11, 2020, 10:45am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Rounding double values Graylog Central (peer support)	3	1279	June 16, 2018
Pipeline Rule: convert seconds to something readable Graylog Central (peer support) pipeline-rules	2	1296	December 12, 2019
Graylog pipeline problem Graylog Central (peer support)	12	1947	November 1, 2017
Rule for converting time duration string to summable value Graylog Central (peer support) pipeline-rules	6	265	July 15, 2023
Issues with date conversion in pipeline Graylog Central (peer support)	10	1305	March 6, 2019

Rounding in Pipelines

Related topics