Aggregate exception occurred

rohith1570 · July 1, 2019, 7:55pm

Hi,
I'm trying to generate a total file size for a day based on user

Input Filter Conf

if [sum_daily_filesize] == "daily" {
if [user.id] != "" and [user.id] != 'null' {
aggregate {
  task_id => "%{user.id}_%{+d}_%{+MMM}"
  code => "
    map['sdfilesize'] ||= 0 ;
    map['sdfilesize'] += event.get('file.size');
    map['user.id'] ||= 0 ;
    map['user.id'] = event.get('user.id');
    map['incident_creation_date'] ||= 0 ; map['incident_creation_date'] = 
    event.get('incident_creation_date');
    map['user.business_unit'] ||= 0 ; map['user.business_unit'] = event.get('user.business_unit');
    map['user.full_name'] ||= 0 ; map['user.full_name'] = event.get('user.full_name');
    map['manager.full_name'] ||= 0 ; map['manager.full_name'] = 
    event.get('manager.full_name');
    map['manager.email'] ||= 0 ; map['manager.email'] = event.get('manager.email');
    map['recipient_identifier'] ||= [] ; map['recipient_identifier'] << event.get('recipient_identifier');
    map['file.extension'] ||= [] ; map['file.extension'] << event.get('file.extension');
    map['user.department'] ||= 0 ; map['user.department'] = event.get('user.department');
   "
    push_map_as_event_on_timeout => true
    timeout_task_id_field => "sdf"
    timeout => 120
     timeout_tags => ['_aggregatetimeout']
   }
   }
 }

Got below error

 [ERROR][logstash.filters.aggregate] Aggregate exception occurred {:error=>#<TypeError: nil 
 can't be coerced into Fixnum>, :code=>"\n        map['sdfilesize'] ||= 0 ;\n        map['sdfilesize'] +=           
 event.get('file.size');\n        map['user.id'] ||= 0 ;\n        map['user.id'] = event.get('user.id');\n        
 map['incident_creation_date'] ||= 0 ; map['incident_creation_date'] = 
 event.get('incident_creation_date');\n        map['user.business_unit'] ||= 0 ; 
 map['user.business_unit'] = event.get('user.business_unit');\n        map['user.full_name'] ||= 0 ; 
 map['user.full_name'] = event.get('user.full_name');\n        map['manager.full_name'] ||= 0 ; 
 map['manager.full_name'] = event.get('manager.full_name');\n        map['manager.email'] ||= 0 
; map['manager.email'] = event.get('manager.email');\n        map['recipient_identifier'] ||= [] ; 
map['recipient_identifier'] << event.get('recipient_identifier');\n        map['file.extension'] ||= [] ; 
 map['file.extension'] << event.get('file.extension');\n        map['user.department'] ||= 0 ; 
 map['user.department'] = event.get('user.department');\n      ", :map=>{"sdfilesize"=>0}, 
 :event_data=>{"user.id"=>"error", "file.source_drive"=>"no-info", "case_type"=>"Business", 
 "message"=>"88e9fe6fce44", "sum_weekly_filesize"=>"weekly", "tags"=>["metric"], 
 "sum_daily_filesize"=>"daily", "@timestamp"=>2019-07-01T18:22:44.178Z, 
  "manager.full_name"=>"%{manager.first_name} %{manager.last_name}", 
  "file.type"=>"NoExtension", "os_type"=>"windows", "@version"=>"1", "user.full_name"=>"% . 
   {user.first_name} %{user.last_name}", "file.extension"=>"no_ext", "events"=> . 
   {"rate_1m"=>0.008173542876928157, "rate_15m"=>1.386081240172881, "count"=>10, 
    "rate_5m"=>0.6657421673961594}}}

Thanks..

Badger · July 1, 2019, 8:13pm

Your event does not have a file.size field, so event.get returns nil, and that causes the exception. Something like

 fileSize = event.get('file.size')
 if fileSize
     map['sdfilesize'] += event.get('file.size');
 end

rohith1570 · July 2, 2019, 2:49am

Thanks it worked..!!

system · July 30, 2019, 2:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.