Aggregate filter that stores the value from previous record

Tejas_Ghutukade · June 26, 2017, 5:07pm

I am trying to write aggregate filter in logstash which stores the value of previous record into a field. Here's my aggregate filter:

aggregate {
    task_id => "%{TRANSACTIONIDGLOBAL}"
    code => "   
    map['tr_start'] ||= event.get('starttime')
    map['tr_end'] ||= event.get('endtime')
    event.set('cc' ,map['tr_end'])
    map['tr_start'] << event.get('starttime')
    map['tr_end'] << event.get('endtime')       
    "
    map_action => "create_or_update" 
}

but in the output the field "cc" consist the value of the same record and not the previous record

Output
starttime          endtime         cc
1,493,668,033    1,493,668,039    1,493,668,039
1,493,668,037    1,493,668,037    1,493,668,037
1,493,668,358    1,493,668,358    1,493,668,358

But the Output i want is

Output
starttime          endtime         cc
1,493,668,033    **1,493,668,039**    1,493,668,039
1,493,668,037    *1,493,668,037*    **1,493,668,039**
1,493,668,358    1,493,668,358    *1,493,668,037*

any help will be appreciated. Thanks

system · July 24, 2017, 5:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.