Calculating Percentage

Hello Experts,

I am trying to find a way to calculate the percentage of certain events in Elasticsearch using Logstash. Here is what I am trying to do.

  1. Injecting IIB data into Elasticsearch. Below is the sample JSON of the data in Elasticsearch.

{
  "_index": "bam",
  "_type": "_doc",
  "_id": "KBid03QBdV29oElQhLkW",
  "_version": 1,
  "_score": null,
  "_source": {
    "gte": "http://www.ksabanks.com/EBWPP/swcm/schema",
    "ServiceCommonAttributes": {
      "MessageIdentifier": "Monitoring\\Realtime\\TXN",
      "ProcessName": "Bill Query",
      "ServicePartner": {
        "PartnerID": "ASCB",
        "PartnerType": "FIN",
        "PartnerName": "BANK"
      },
      "ServicePattern": "REALTIME",
      "InvocationProtocol": "XML",
      "ExternalServiceVersion": "1.0",
      "InternalExecutedServiceVersion": "1.0",
      "EventType": "Inbound",
      "ResponseStatus": "Business Failure",
      "InternalStatus": {
        "StatusCode": "192",
        "StatusDescription": "FATAL:192:No Result Found for Query Request"
      },
      "ServiceStartTime": "2020-09-28T10:29:15.348+03:00",
      "ServiceEndTime": "2020-09-28T10:29:15.411+03:00",
      "AccessChannel": "MOBILE",
      "ProvidingPartner": {
        "PartnerID": "NA",
        "PartnerType": "",
        "PartnerName": ""
      },
      "RecordCount": "0",
      "ExternalStatus": {
        "StatusCode": "41199",
        "StatusDescription": "No bills found matching the search criteria"
      },
      "URI": "Future URL for Message Content",
      "ResponseTimeE2E": 63
    }
  },
  "fields": {
    "ServiceCommonAttributes.ServiceEndTime": [
      "2020-09-28T07:29:15.411Z"
    ],
    "ServiceCommonAttributes.ServiceStartTime": [
      "2020-09-28T07:29:15.348Z"
    ]
  },
  "highlight": {
    "ServiceCommonAttributes.ProcessName.keyword": [
      "@kibana-highlighted-field@Bill Query@/kibana-highlighted-field@"
    ]
  },
  "sort": [
    1601278155348
  ]
}

  2. Sending data from Elasticsearch to Logstash. I am sending only the events whose
    ServiceCommonAttributes.ProcessName = Bill Query. Following is the Logstash input for Elasticsearch.

input
{
  elasticsearch
  {
    hosts => "elasticsrv01"
    index => "bam"
    query => '{ "query": { "bool" : { "must" : { "term": { "ServiceCommonAttributes.ProcessName.keyword" : "Bill Query" } } } } }'
    schedule => "*/5 * * * *"
  }
}

  3. I am trying to create a filter and this is where I am stuck. As per my understanding, all the calculations must be done in the filter. Below is what I am trying to find.
  • How to find the total count of ServiceCommonAttributes.ProcessName = Bill Query and ServiceCommonAttributes.ResponseStatus = Business Failure for the last 5 minutes?

  • How can I send only count(Bill Query) and count(Business Failure) values for the last 5 minutes to Elasticsearch?

Any input or suggestions would be appreciated.

Thank you.
Ravi.
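
An added example, not part of the original post: one way to get both counts for the last 5 minutes from a single Elasticsearch search, using a `filter` aggregation instead of arithmetic in a Logstash filter, and to turn them into a percentage. It assumes `ServiceCommonAttributes.ResponseStatus` has a `.keyword` sub-field like `ProcessName` does; the function names and the sample response are constructed for illustration.

```python
"""Count 'Bill Query' events and their 'Business Failure' share for a time window."""

PREFIX = "ServiceCommonAttributes"


def build_request(process="Bill Query", status="Business Failure", window="now-5m"):
    """Search body: total = query hits, failures = filter aggregation doc_count."""
    return {
        "size": 0,                 # counts only, no documents returned
        "track_total_hits": True,  # exact total even above 10,000 hits
        "query": {"bool": {"filter": [
            {"term": {f"{PREFIX}.ProcessName.keyword": process}},
            {"range": {f"{PREFIX}.ServiceStartTime": {"gte": window}}},
        ]}},
        "aggs": {"failures": {"filter": {
            # Assumption: ResponseStatus has a .keyword sub-field like ProcessName.
            "term": {f"{PREFIX}.ResponseStatus.keyword": status}}}},
    }


def summarize(response):
    """Return (total, failures, failure_percent) from a search response."""
    total = response["hits"]["total"]
    if isinstance(total, dict):    # 7.x returns {"value": n, "relation": "eq"}
        total = total["value"]
    failures = response["aggregations"]["failures"]["doc_count"]
    # An empty 5-minute window must not divide by zero.
    percent = round(100.0 * failures / total, 2) if total else 0.0
    return total, failures, percent


# Constructed sample response (not real data from the poster's cluster).
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 40, "relation": "eq"}, "hits": []},
    "aggregations": {"failures": {"doc_count": 6}},
}

if __name__ == "__main__":
    print(build_request())
    print(summarize(SAMPLE_RESPONSE))
```

The body returned by `build_request()` is what would be sent to the `_search` endpoint of the `bam` index.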
