Hi Team,
I want to write filter to compare current event with previous one. My requirement is as below:
Let's say first log has event id as 100, I want to check when the second log comes it should be 1 greater than previous one. That is, it should be 101. If it's not 101, then I wan't to add tag to the event.
Please help out. I have never used aggregate filter.
Thanks
Akhil Sharma
You should try to look for watcher rules instead of Aggregate filter plugin which dosen't seem to be useful in your use case.
logstash generally does not preserve the order of events.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.