Aggregate data based on some field

Hi,

Grok pattern (?\d{0-6}) %{WORD:loglevel} %{BASE10NUM:amount}

I have the following set of columns: col1=cardNumber, col2=Info, col3=Amount
Data are:

123456 Failed 123.40
123456 Failed 1234
123456 Success 1200
123 Failed 120

Now, I want to aggregate the total amount based on a particular card number. For example, my output for the above should be like this:

123456 failed (123.40+1234)
123456 success 1200
123 Failed 120

I know we can use the aggregate function, but I am still confused about how I should apply it here.

Please help me out with an example.
Thanks
Gaurav

You want to aggregate in Kibana? You want a sum aggregation on your specific field, which I think in your case is amount.

https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics-sum-aggregation.html

I want to do aggregation in my logstash.conf file

I think you'd need to do this via some Ruby; there's no plugin that does math like this.

Can you give some more pointers or an example? Because I am not getting how
exactly we will do this.

I think that the aggregate plugin could help.
But could you give the final JSON document you expect at the end of Logstash?

Input :

123456 Failed 123.40
123456 Failed 1234
123456 Success 1200
123 Failed 120

Output :

123456 failed (123.40+1234)
123456 success 1200
123 Failed 120
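
Added example (not from any poster in this thread): the per-card, per-status sum asked for above, written as plain Ruby since Ruby was the suggested route. The regex, capture names, function names and the last sample line are assumptions made for illustration; amounts are summed as Rational so currency values do not pick up float rounding errors.

```ruby
# Regex stand-in for the grok pattern in the question: a card number of up to
# six digits, a status word, and a base-10 amount (capture names are assumed).
LINE_RE = /\A(?<card>\d{1,6})\s+(?<loglevel>\w+)\s+(?<amount>[+-]?\d+(?:\.\d+)?)\z/

# Sum amounts per (card, status). Returns [totals, rejected_lines].
def aggregate_amounts(lines)
  totals = Hash.new(Rational(0))
  rejected = []
  lines.each do |line|
    m = LINE_RE.match(line.strip)
    if m.nil?
      # Keep unparseable lines visible instead of silently dropping them.
      rejected << line
      next
    end
    # Normalise case so "Failed" and "failed" land in the same bucket.
    key = [m[:card], m[:loglevel].downcase]
    # Rational parses "123.40" exactly, so sums stay exact.
    totals[key] += Rational(m[:amount])
  end
  [totals, rejected]
end

# Render totals in the "card status amount" shape shown in the thread.
def format_totals(totals)
  totals.map { |(card, level), sum| format('%s %s %.2f', card, level, sum) }
end

# The four input lines from the thread, plus one constructed malformed line
# (card number longer than six digits) to show the rejection path.
SAMPLE = [
  '123456 Failed 123.40',
  '123456 Failed 1234',
  '123456 Success 1200',
  '123 Failed 120',
  '12345678 Failed 10'
].freeze

if __FILE__ == $PROGRAM_NAME
  totals, rejected = aggregate_amounts(SAMPLE)
  puts format_totals(totals)
  warn "rejected: #{rejected.inspect}" unless rejected.empty?
end
```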