Re: To Pull Historical report from nagios Log

Posted: Fri Sep 01, 2017 8:54 am
by anish
Is there a way to convert UNIX epoch time to human-readable time from the Nagios Log Server end?

Re: To Pull Historical report from nagios Log

Posted: Fri Sep 01, 2017 9:22 am
by mcapra
That would depend on which timestamp you are referring to.

ElasticSearch doesn't have any neat functions like SQL Server or MySQL for converting dates on the fly. If ElasticSearch is storing a particular field as a Unix timestamp, you'd have to do the conversion before you store it. This is done as a Logstash filter typically, usually using the date plugin.

Re: To Pull Historical report from nagios Log

Posted: Fri Sep 01, 2017 10:24 am
by cdienger
Using a previous example, you could run the query as:

curl -XGET 'http://sesklnglsidv01/nagioslogserver/api/backend/logstash-2017.05.16,logstash-2017.05.15/_search?pretty&token=0fe304665e40fb35fdb796eef532df3a079e44a6' -d '{
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "should": [
            {
              "query_string": {
                "query": "*"
              }
            }
          ]
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "from": "2017-05-15T13:49:57.000Z",
                  "to": "2017-05-16T13:49:57.000Z"
                }
              }
            }
          ]
        }
      }
    }
  },
  "highlight": {
    "fields": {
      "*": {}
    },
    "fragment_size": 2147483647,
    "pre_tags": [
      "@start-highlight@"
    ],
    "post_tags": [
      "@end-highlight@"
    ]
  },
  "size": 250,
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "ignore_unmapped": true
      }
    },
    {
      "@timestamp": {
        "order": "desc",
        "ignore_unmapped": true
      }
    }
  ]
}'

{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-16h/h",
        "lte": "now-1h/h"
      }
    }
  }
}
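
An added example, not code from any poster in this thread: a client-side helper that turns a Unix epoch window into the ISO 8601 `@timestamp` range and the comma-separated daily `logstash-YYYY.MM.DD` index list used in the curl call above, and that adds a readable UTC copy of an epoch-valued field to returned hits. The function names are hypothetical, the single-clause `bool` wrappers from the thread's query are dropped for brevity, and the seconds-versus-milliseconds cutoff is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_utc(epoch):
    """Epoch seconds or milliseconds (int, float, numeric string) -> UTC datetime."""
    value = float(epoch)
    # Assumption: magnitudes of 1e11 and above are milliseconds, below are seconds.
    ms = int(value) if abs(value) >= 1e11 else int(round(value * 1000))
    return EPOCH + timedelta(milliseconds=ms)

def iso_utc(epoch):
    """Format an epoch value the way the thread's range filter writes @timestamp."""
    dt = to_utc(epoch)
    return dt.strftime("%Y-%m-%dT%H:%M:%S") + ".%03dZ" % (dt.microsecond // 1000)

def daily_indices(start_epoch, end_epoch, prefix="logstash-"):
    """Newest-first daily index names covering the window (UTC day boundaries)."""
    first, day = to_utc(start_epoch).date(), to_utc(end_epoch).date()
    if day < first:
        raise ValueError("end of window precedes start")
    names = []
    while day >= first:
        names.append(prefix + day.strftime("%Y.%m.%d"))
        day -= timedelta(days=1)
    return names

def build_search(start_epoch, end_epoch, size=250):
    """Return (index path segment, request body) for the _search call."""
    time_range = {"from": iso_utc(start_epoch), "to": iso_utc(end_epoch)}
    body = {
        "query": {"filtered": {
            "query": {"query_string": {"query": "*"}},
            "filter": {"range": {"@timestamp": time_range}},
        }},
        "size": size,
        "sort": [{"@timestamp": {"order": "desc", "ignore_unmapped": True}}],
    }
    return ",".join(daily_indices(start_epoch, end_epoch)), body

def humanize_hits(response, field):
    """Add '<field>_utc' to each hit whose _source holds an epoch in `field`."""
    changed = 0
    for hit in response.get("hits", {}).get("hits", []):
        src = hit.get("_source", {})
        try:
            src[field + "_utc"] = iso_utc(src[field])
            changed += 1
        except (KeyError, TypeError, ValueError, OverflowError):
            continue  # field missing or not numeric: leave the hit untouched
    return changed
```

`json.dumps(body)` gives the string to pass to curl's `-d`, and the first return value replaces the index list in the URL path.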