Collect multiple events for processing in the filter and send to output (bulk)

Kosodrom · March 29, 2022, 3:49pm

Hi folks,

I have following use case:

I receive events from beat and would like to enrich them with additional information using a filter plugin in logstash. The filter plugin must send a request to an endpoint and retrieve information based on the event information I have received in the input. Due to massive amount if events it is not possible to send an API call for each and every one by one (otherwise I would just use http filter plugin) Usually I would collect a given amount of events (lets say 200) and send them as a bulk.

Is there such a mechanism in logstash which will allow me to collect incoming events, process them all at once in a logstash filter and proceed with output?

Thanks for any suggestions

Badger · March 29, 2022, 4:25pm

You may be able to do it using an aggregate filter. This thread and the ones it links to may help you with some ideas.

system · April 26, 2022, 4:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Combining multiple events Logstash	1	435	December 5, 2017
Logstash http input for files containing multiple events Logstash	2	1160	December 10, 2016
How can i send all the events in one email using logstash Logstash	4	524	January 3, 2019
How does logstash use pipeline.batch.size to execute pipeline? Logstash	8	970	February 7, 2023
How to aggregate multiple events into single output Logstash	5	1247	August 18, 2020

Collect multiple events for processing in the filter and send to output (bulk)

Related topics