Hi All,
I'm trying to do something that I'm not seeing an easy way to do and I'm not all that familiar with Ruby, so I'd prefer to use standard filters when/where possible.
Here's the scope of what I'm trying to achieve.
I receive a collectd-snmp polled event for IF-MIB::ifInOctets/IF-MIB::ifOutOctets into Logstash (2.4.1).
The event comes in with fields dstypes, dsnames and values which are all arrays and match up.
An example of the event fields mentioned would be:
dsnames = ['rx','tx']
dstype = ['derive','derive']
values = ['481752','12852']
What I'd like to achieve is splitting this into one event per array entry, ending up with:
Split off event #1
dsname = rx
dstype = derive
value = 481752
Split off event #2
dsname = tx
dstype = derive
value = 12852
Original event canceled.
On top of that, I then want to add a new field to each event which is the value * 8 (to get bits instead of bytes).
Is this all actually achievable using standard filters (Logstash 2.4.1), or must I use a ruby filter?
Many thanks,
jdmac
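The transformation described in the post, written out as plain Ruby. This is an added example, not part of the original post and not Logstash's own API. It assumes the event is modelled as a Hash, the type array is named `dstypes`, and the new field is called `value_bits` (a hypothetical name); the sample event is constructed.

```ruby
# Added example: the event is modelled as a plain Hash (assumption),
# not as a Logstash event object.
ARRAY_FIELDS = %w[dsnames dstypes values].freeze

# Returns one new event per array entry; the caller then drops the original.
def split_collectd_event(event)
  arrays = ARRAY_FIELDS.map { |k| Array(event[k]) }
  lengths = arrays.map(&:length)
  # Refuse to guess when the parallel arrays do not line up.
  unless lengths.uniq.length == 1
    raise ArgumentError, "array lengths differ: #{lengths.inspect}"
  end

  # Every other field (host, plugin, ...) is carried into each split event.
  base = event.reject { |k, _| ARRAY_FIELDS.include?(k) }

  arrays.transpose.map do |name, type, value|
    # Values arrive as strings; Integer() raises on anything non-numeric
    # instead of silently turning it into 0 as String#to_i would.
    octets = Integer(value.to_s, 10)
    base.merge(
      'dsname'     => name,
      'dstype'     => type,
      'value'      => octets,
      'value_bits' => octets * 8 # hypothetical field name: bytes to bits
    )
  end
end

# Constructed sample event, shaped like the one in the post.
SAMPLE = {
  'host'    => 'switch01.example',
  'plugin'  => 'snmp',
  'dsnames' => ['rx', 'tx'],
  'dstypes' => ['derive', 'derive'],
  'values'  => ['481752', '12852']
}.freeze

split_collectd_event(SAMPLE).each { |e| puts e.inspect } if __FILE__ == $PROGRAM_NAME
```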