Hello,
I have the following configuration in Logstash to read data from a CSV file that I pass in every day. I have it working correctly. My question is that I need to add a new field based on a mathematical function applied to an already created field.
The logstash configuration file is as follows:
input {
  file {
    path => "/etc/logstash/conf.d/*.csv"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  csv {
    skip_header => "true"
    separator => ","
    columns => [
      "user-id",
      "date",
      "last_login_date",
      "assigned_quota",
      "used_quota",
      "number_files",
      "number_shares",
      "number_uploads",
      "number_downloads"
    ]
    remove_field => ["message"]
  }
  date {
    match => [ "date", "yyyy-MM-dd HH:mm:ss"]
    target => ["@timestamp"]
  }
  date {
    match => [ "last_login_date", "yyyy-MM-dd HH:mm:ss"]
    target => ["last_login_date"]
  }
  mutate {convert => ["assigned_quota", "integer"]}
  mutate {convert => ["used_quota", "integer"]}
  mutate {convert => ["number_files", "integer"]}
  mutate {convert => ["number_shares", "integer"]}
  mutate {convert => ["number_uploads", "integer"]}
  mutate {convert => ["number_downloads", "integer"]}
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "csv-%{+YYYY.MM.dd}"
  }
  stdout {}
}
What I want is to create a new field that is the result of the following mathematical function:
    new_field = assigned_quota / 1024
How can I do this?
Thank you very much in advance.
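
One way to compute the field, as an added example that is not part of the original post: a script file for the Logstash `ruby` filter that derives `new_field` from `assigned_quota`. It goes a little beyond the question by using float division and by tagging rows where the quota is missing or not numeric. The file name, the `script_params` key names, the failure tag, the two-decimal rounding and the `StubEvent` class are assumptions.

```ruby
# quota_scale.rb (hypothetical name). Assumed wiring, after the mutate filters:
#   ruby {
#     path => "/etc/logstash/quota_scale.rb"
#     script_params => { "source" => "assigned_quota" "target" => "new_field" }
#   }

# Logstash calls register once with script_params (key names are assumptions).
def register(params)
  @source  = params.fetch("source", "assigned_quota")
  @target  = params.fetch("target", "new_field")
  @divisor = Float(params.fetch("divisor", 1024))
  raise ArgumentError, "divisor must be non-zero" if @divisor.zero?
end

# Logstash calls filter for every event and expects an array of events back.
def filter(event)
  # Float() avoids integer division (1500 / 1024 == 1) and rejects nil or text.
  value = Float(event.get(@source))
  event.set(@target, (value / @divisor).round(2)) # two decimals: an assumption
  [event]
rescue ArgumentError, TypeError
  event.tag("_quota_scale_failure") # hypothetical tag marking rows to review
  [event]
end

# Constructed stand-in for the Logstash event, only for running this offline.
unless defined?(LogStash)
  class StubEvent
    attr_reader :tags
    def initialize(fields)
      @fields = fields
      @tags = []
    end
    def get(name)
      @fields[name]
    end
    def set(name, value)
      @fields[name] = value
    end
    def tag(name)
      @tags << name
    end
  end
end
```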