Aggregate fields from different event

rbkumar88 · March 10, 2016, 8:04pm

Hi,

Please help me setting the filter plugin for the following scenario.
Say I have the following scenario

INFO - 12345 - TASK_START - start
INFO - 12345 - SQL - sqlQuery1 - 12
INFO - 12345 - SQL - sqlQuery2 - 34
INFO - 12345 - SQL - sqlQuery3 - 44
INFO - 12345 - TASK_END - end

If I am aggregating using taskid (12345), there are two things, I want to do.
One is just existence check whether sqlQuery1 happened or not
Other is basically collect all the fields, so that my final single document looks like.

(Assumption sqlQuery2 and sqlQuery3 always happen/present)

task id 12345
sqlQuery2Time 34
sqlQuery3Time 44
sqlQuery1PresentOrNot (boolean) true
sqlQuery1Time 12 (optional field )

Is Aggregate filter plugin the right one for my above scenario or any other plugins can help in as well.

Regards
Bharath

warkolm · March 12, 2016, 9:53am

Aggregate is probably the one!

rbkumar88 · April 5, 2016, 6:54pm

Hi,

Can aggregate filter help me in collecting different fields from intermediate lines/events and have it in the final aggregated event. I know it is mainly for simply adding up time based fields.

Thanks
Bharath

rbkumar88 · April 5, 2016, 7:07pm

Hi,

I just went over the Use cases for this plugin

--extract error information in any task log line, and push it in final task event (to get a final document with all error information if any)

Can someone give me an example of how the "code" option should look like for the above scenario?

Thanks

Topic		Replies	Views
Using aggregate filter to merge different events Logstash	4	384	September 29, 2019
Logstash aggregation filter Logstash	7	285	September 9, 2020
Trouble for grab events with aggregate filter Logstash	2	290	November 28, 2018
Different values in new runs of logstash with Aggregate filter Logstash	2	155	December 16, 2023
How does aggregate with different task_id in one filter part works Logstash	2	327	August 24, 2020

Aggregate fields from different event

Related topics