Aggregate filter check value with all previous records

Tejas_Ghutukade · June 29, 2017, 3:15pm

while reading the csv file in logstash i want to compare value with all the previous record and depending on the condition set a field with true or false.
m able to compare with the immediate previous record but i want check for all the previous record.
Is it possible to do using aggregate filter ?

here's my current aggregate filter

 aggregate {
	task_id => "%{odr}"
	code => "
	map['dur'] ||= event.get('endtime');
	event.set('isCc', (event.get('starttime') < map['dur'])?1:0);
	map['dur'] = event.get('endtime');
	"
	push_map_as_event_on_timeout => true
	timeout_task_id_field => "odr"
	timeout => 30
	timeout_tags => ['_aggregatetimeout']
	timeout_code => ""
}

Thanks

system · July 27, 2017, 3:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to compare for values in previous records Logstash	1	803	July 26, 2017
Aggregate filter that stores the value from previous record Logstash	1	750	July 24, 2017
Run a filter that checks for values in previous records Logstash	4	832	July 21, 2017
Aggregate filter usage Logstash	3	254	February 17, 2020
Push_previous_map_as_event if fields exist Logstash	40	2231	January 11, 2021

Aggregate filter check value with all previous records

Related topics