Hi, i have this problem on aggregation filter :
String can't be coerced into Integer , this is the log message :
[2020-11-23T15:55:13,479][ERROR][logstash.filters.aggregate][main][13ac83016d9f4ef50e52f1df4fd7eba1bf205b3468e17dfc5d6cfe5ff36cd892] Aggregate exception occurred {:error=>#<TypeError: String can't be coerced into Integer>, :code=>"map['execution_time_temp'] += event.get('sqlfetch_time')", :map=>{"execution_time_temp"=>0}, :event_data=>{"agent"=>{"hostname"=>"micmclasfour01.2irgdc.lan", "id"=>"03d705d4-c391-4ee9-a8af-38780a3ff038", "ephemeral_id"=>"fdaffb0d-62e3-43d2-92ad-0fa7e4151072", "type"=>"filebeat", "version"=>"7.0.1"}, "orario"=>"15:55:10,575", "log"=>{"file"=>{"path"=>"/jboss/jboss-4.2.2.GA/server/djbcfour/servers/i1jbcfour1/log/i1jbcfour1.log"}, "offset"=>5810304}, "@metadata"=>{"ip_address"=>"10.79.202.170", "version"=>"7.0.1", "beat"=>"filebeat", "type"=>"_doc"}, "jcaption_id"=>"[]", "log_level"=>"INFO", "type"=>"application_log", "message"=>"[] 15:55:10,575 INFO [RicercaRichiestaManagerBean] [RICERCA] [5304784980320597] [FETCH] execution time: 0.0030 seconds", "tags"=>["beats_input_codec_plain_applied"], "input"=>{"type"=>"log"}, "@timestamp"=>2020-11-23T14:55:12.369Z, "ecs"=>{"version"=>"1.0.0"}, "host"=>{"name"=>"micmclasfour01.2irgdc.lan"}, "@version"=>"1", "correlation_id"=>"5304784980320597", "class"=>"RicercaRichiestaManagerBean", "sqlfetch_time"=>"0.0030"}}
This is my aggregation config :
filter {
if [type] == "application_log" {
grok {
match => [ "message", "%{DATA:jcaption_id}\s+%{TIME:orario}[\s]+%{LOGLEVEL:log_level}[\s]+\[%{USERNAME:class}\][\s]+\[?%{USERNAME:correlation_id}][\s]+\[COUNT]\s+\[SQL]+%{GREEDYDATA:sqlcount}" ]
match => [ "message", "%{DATA:jcaption_id}\s+%{TIME:orario}[\s]+%{LOGLEVEL:log_level}[\s]+\[%{USERNAME:class}\][\s]+\[?%{USERNAME:correlation_id}][\s]+\[COUNT]\s+\[PARAM][\s]+%{GREEDYDATA:sqlcount_param}" ]
match => [ "message", "%{DATA:jcaption_id}\s+%{TIME:orario}[\s]+%{LOGLEVEL:log_level}[\s]+\[%{USERNAME:class}\][\s]+\[RICERCA][\s]+\[?%{USERNAME:correlation_id}][\s]+\[COUNT][\s]+%{DATA:}:[\s]+%{BASE10NUM:sqlcount_time}" ]
match => [ "message", "%{DATA:jcaption_id}\s+%{TIME:orario}[\s]+%{LOGLEVEL:log_level}[\s]+\[%{USERNAME:class}\][\s]+\[?%{USERNAME:correlation_id}][\s]+\[FETCH]\s+\[SQL][\s]+%{GREEDYDATA:sqlfetch}" ]
match => [ "message", "%{DATA:jcaption_id}\s+%{TIME:orario}[\s]+%{LOGLEVEL:log_level}[\s]+\[%{USERNAME:class}\][\s]+\[?%{USERNAME:correlation_id}][\s]+\[FETCH]\s+\[PARAM][\s]+%{GREEDYDATA:sqlfetch_param}" ]
match => [ "message", "%{DATA:jcaption_id}\s+%{TIME:orario}[\s]+%{LOGLEVEL:log_level}[\s]+\[%{USERNAME:class}\][\s]+\[RICERCA][\s]+\[?%{USERNAME:correlation_id}][\s]+\[FETCH][\s]+%{DATA:}:[\s]+%{BASE10NUM:sqlfetch_time}" ]
}
if [sqlcount] {
aggregate {
task_id => "%{correlation_id}"
code => "map['execution_time_temp'] = 0"
map_action => "create"
}
}
if [sqlcount_param] {
aggregate {
task_id => "%{correlation_id}"
code => ''
map_action => "update"
}
}
if [sqlcount_time] {
aggregate {
task_id => "%{correlation_id}"
code => "map['execution_time_temp'] += event.get('sqlcount_time')"
map_action => "update"
}
}
if [sqlfetch] {
aggregate {
task_id => "%{correlation_id}"
code => ''
map_action => "update"
}
}
if [sqlfetch_param] {
aggregate {
task_id => "%{correlation_id}"
code => ''
map_action => "update"
}
}
if [sqlfetch_time] {
aggregate {
task_id => "%{correlation_id}"
code => "map['execution_time_temp'] += event.get('sqlfetch_time')"
map_action => "update"
}
}
if [sqlfetch_time] {
aggregate {
task_id => "%{correlation_id}"
code => "event.set('execution_time', map['execution_time_temp'])"
map_action => "update"
end_of_task => true
timeout => 120
}
}
if !("" in [correlation_id]) {
drop { }
}
}
}
what can i do?