Aggregate Filter not working when aggregating Netflow data

I am getting the below data and trying to aggregate the events based on the prefix IP and add the traffic rate of all the events, but it is not working. Not sure what else I can try.

{
    "netflow" => {
        "dst_mask" => 30,
        "prefix" => "11.111.112.0",
        "ipv4_src_addr" => "11.0.0.111",
        "traffic_rate" => 23
    }
}
{
    "netflow" => {
        "dst_mask" => 30,
        "prefix" => "11.111.112.0",
        "ipv4_src_addr" => "11.0.0.103",
        "traffic_rate" => 26
    }
}
{
    "netflow" => {
        "dst_mask" => 30,
        "prefix" => "11.111.112.0",
        "ipv4_src_addr" => "11.0.0.111",
        "traffic_rate" => 27
    }
}
{
    "netflow" => {
        "dst_mask" => 30,
        "prefix" => "11.111.112.0",
        "ipv4_src_addr" => "11.0.0.103",
        "traffic_rate" => 27
    }
}

Aggregate Filter Config:
aggregate {
    task_id => '%{"[netflow][prefix]"}'
    code => "
        map['[netflow][prefix]'] = event.get('[netflow][prefix]')
        map['[netflow][rate]'] ||= 0
        map['[netflow][rate]'] += event.get('[netflow][traffic_rate]').to_i
        map['[netflow][mask]'] = event.get('[netflow][dst_mask]')
    "
    push_map_as_event_on_timeout => true
    timeout => 20
}
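
One way to write this aggregation, as an added example that is not part of the original post: it assumes the quotes inside `%{...}` in the posted `task_id` are unintended (a sprintf field reference is written `%{[netflow][prefix]}`) and that the summed event should keep the nested `netflow` layout. The `_aggregatetimeout` tag name is an arbitrary choice.

```logstash
filter {
  aggregate {
    # Group events by destination prefix. The field reference inside
    # %{...} is written without quotes.
    task_id => "%{[netflow][prefix]}"

    # The map is a plain Ruby hash, not an event, so build the nested
    # structure as a hash of hashes instead of using '[a][b]' keys.
    code => "
      nf = (map['netflow'] ||= { 'rate' => 0 })
      nf['prefix'] = event.get('[netflow][prefix]')
      nf['rate']  += event.get('[netflow][traffic_rate]').to_i
      nf['mask']   = event.get('[netflow][dst_mask]')
    "

    # There is no explicit end event in a Netflow stream, so the map is
    # emitted as a new event when the task times out (seconds).
    push_map_as_event_on_timeout => true
    timeout => 20

    # Tag the generated events so they can be told apart from the
    # per-flow events, which still pass through the pipeline.
    timeout_tags => ["_aggregatetimeout"]
  }
}
```

The aggregate filter keeps its maps in memory shared across events, so the pipeline has to run with a single worker (`-w 1`) for the sums to be reliable.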
