Aggregate filter that stores the value from previous record

Tejas_Ghutukade · June 26, 2017, 5:07pm

I am trying to write aggregate filter in logstash which stores the value of previous record into a field. Here's my aggregate filter:

aggregate {
    task_id => "%{TRANSACTIONIDGLOBAL}"
    code => "   
    map['tr_start'] ||= event.get('starttime')
    map['tr_end'] ||= event.get('endtime')
    event.set('cc' ,map['tr_end'])
    map['tr_start'] << event.get('starttime')
    map['tr_end'] << event.get('endtime')       
    "
    map_action => "create_or_update" 
}

but in the output the field "cc" consist the value of the same record and not the previous record

Output
starttime          endtime         cc
1,493,668,033    1,493,668,039    1,493,668,039
1,493,668,037    1,493,668,037    1,493,668,037
1,493,668,358    1,493,668,358    1,493,668,358

But the Output i want is

Output
starttime          endtime         cc
1,493,668,033    **1,493,668,039**    1,493,668,039
1,493,668,037    *1,493,668,037*    **1,493,668,039**
1,493,668,358    1,493,668,358    *1,493,668,037*

any help will be appreciated. Thanks

system · July 24, 2017, 5:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Aggregate filter check value with all previous records Logstash	1	558	July 27, 2017
How to compare for values in previous records Logstash	1	803	July 26, 2017
Aggregate filter to remember field accross lines Logstash	3	505	July 8, 2019
Run a filter that checks for values in previous records Logstash	4	832	July 21, 2017
Aggregate filter does not create a value in the output Logstash	3	376	March 22, 2019

Aggregate filter that stores the value from previous record

Related topics