I have a condition here: I have a series of logs where it starts from startTransaction and ends at endtransaction. Now between there two events there are other logs.
My requirement is to capture the log time for the above mentioned events and calculate the difference.
As i read logstash do not support loop, there will be multiple blocks of start and end events, where I need to calculate the time difference.
Please help with some approach.
What about elapsed plugin?
https://www.elastic.co/guide/en/logstash/5.4/plugins-filters-elapsed.html
How to add the calculated field ?
elapsed {
start_tag => "eventstart"
end_tag => "eventend"
unique_id_field => "event_duration"
timeout => 600
new_event_on_match => false
add_field => { "event_duration" => "%{elapsed_duration}" }
}
This is not adding any field
Could use a ruby code... Its simples abd flexible.
Can you give me some sample, i have never used ruby
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.