jmkim
December 20, 2018, 2:45am
1
Hi, everyone!
I am trying to figure out the log count by device.
There is an error
aggregate {
task_id => "%{device}"
code => "
map['log_cnt'] ||= 0
map['log_cnt'] += 1
event.cancel()
"
push_map_as_event_on_timeout => true
timeout_task_id_field => "device"
timeout_timestamp_field => "@timestamp"
timeout => 100
inactivity_timeout => 60
timeout_tags => ['_aggregatetimeout']
timeout_code => "event.set('several_cnt', event.get('log_cnt') > 1)"
}
Can you help me?
jmkim
December 20, 2018, 6:35am
2
I solved the problem.
I've created multiple indexes through different types of filters.
I created aggregate-only index through aggregate plugin and it output normally.
I do not know what it is.
aggregate {
task_id => "%{device}"
push_map_as_event_on_timeout => true
timeout_task_id_field => "device"
timeout_timestamp_field => "@timestamp"
timeout => 100
inactivity_timeout => 60
code => "
map['log_cnt'] ||= 0
map['log_cnt'] += 1
event.cancel if map['pre_log_tm'] && map['pre_log_tm'] >= (event.get('log_tm') - 240)
"
timeout_tags => ['_aggregatetimeout']
timeout_code => "event.set('log_type', 'rename')"
}
system
January 17, 2019, 6:35am
3
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.