Aggregate filter check value with all previous records

Tejas_Ghutukade · June 29, 2017, 3:15pm

while reading the csv file in logstash i want to compare value with all the previous record and depending on the condition set a field with true or false.
m able to compare with the immediate previous record but i want check for all the previous record.
Is it possible to do using aggregate filter ?

here's my current aggregate filter

 aggregate {
	task_id => "%{odr}"
	code => "
	map['dur'] ||= event.get('endtime');
	event.set('isCc', (event.get('starttime') < map['dur'])?1:0);
	map['dur'] = event.get('endtime');
	"
	push_map_as_event_on_timeout => true
	timeout_task_id_field => "odr"
	timeout => 30
	timeout_tags => ['_aggregatetimeout']
	timeout_code => ""
}

Thanks

system · July 27, 2017, 3:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to compare for values in previous records Logstash	1	822	July 26, 2017
Run a filter that checks for values in previous records Logstash	4	864	July 21, 2017
Aggregate filter that stores the value from previous record Logstash	1	761	July 24, 2017
Aggregate filter usage Logstash	3	279	February 17, 2020
Agrregate Filter For each Logstash	1	543	December 7, 2016

Aggregate filter check value with all previous records

Related topics