Aggregation does not work

jmkim · December 20, 2018, 2:45am

Hi, everyone!

I am trying to figure out the log count by device.

There is an error
No data accumulates in the Elastic Search.

aggregate {
  task_id => "%{device}"
  code => "
    map['log_cnt'] ||= 0
    map['log_cnt'] += 1
    event.cancel()
  "
  push_map_as_event_on_timeout => true
  timeout_task_id_field => "device"
  timeout_timestamp_field => "@timestamp"
  timeout => 100
  inactivity_timeout => 60
  timeout_tags => ['_aggregatetimeout']
  timeout_code => "event.set('several_cnt', event.get('log_cnt') > 1)"
}

Can you help me?

jmkim · December 20, 2018, 6:35am

I solved the problem.

I've created multiple indexes through different types of filters.

I created aggregate-only index through aggregate plugin and it output normally.

I do not know what it is.
But, it is fine

aggregate {
  task_id => "%{device}"
  push_map_as_event_on_timeout => true
  timeout_task_id_field => "device" 
  timeout_timestamp_field => "@timestamp" 
  timeout => 100
  inactivity_timeout => 60
  code => "
    map['log_cnt'] ||= 0
    map['log_cnt'] += 1
    event.cancel if map['pre_log_tm'] && map['pre_log_tm'] >= (event.get('log_tm') - 240)
  "
  timeout_tags => ['_aggregatetimeout']
  timeout_code => "event.set('log_type', 'rename')"
}

system · January 17, 2019, 6:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Aggregation doesn't work Logstash	1	399	December 3, 2017
Problem with aggregate filter while using the push_map_as_event_on_timeout feature Logstash	1	1060	July 6, 2017
Aggregate filter plugin not working Logstash	4	1004	August 21, 2018
Aggregate only working when timeout = 0 Logstash	1	412	April 11, 2020
Can't make the "aggregate" filter to work Logstash	1	345	July 6, 2017

Aggregation does not work

Related topics