Converting bits to bytes

amakarenkov · August 16, 2018, 12:26pm

Greetings, guys!

Here I am with my awfull questions once again! Fast forward to my case:

What I am looking is to convert bits to bytes so I can use Kibana standart tools for working with bytes data type.
My input to logstash is basically json file with lots of stuff:

{"start":{"connected":[{"socket":5,"local_host":"10.3.201.9","local_port":34726,"remote_host":"10.3.5.144","remote_port":5201}],"version":"iperf 3.1.7","system_info":"LinuxRTR 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 
x86_64","timestamp":{"time":"Thu, 16 Aug 2018 10:40:28 GMT","timesecs":1534416028},"connecting_to":
{"host":"10.3.5.144","port":5201},"cookie":"LinuxRTR.1534416028.751162.03","tcp_mss_default":1448,"test_start":
{"protocol":"TCP","num_streams":1,"blksize":131072,"omit":3,"duration":10,"bytes":0,"blocks":0,"reverse":1}},"intervals":[{"streams":
[{"socket":5,"start":0,"end":10.000026,"seconds":10.000026,"bytes":902181608,"bits_per_second":721743427.96794,"omitted":false}],"sum":
{"start":0,"end":10.000026,"seconds":10.000026,"bytes":902181608,"bits_per_second":721743427.96794,"omitted":false}}],"end":{"streams":[{"sender":
{"socket":5,"start":0,"end":10.000026,"seconds":10.000026,"bytes":903872512,"bits_per_second":723096130.444883},"receiver":
{"socket":5,"start":0,"end":10.000026,"seconds":10.000026,"bytes":902429272,"bits_per_second":721941541.445386}}],"sum_sent":
{"start":0,"end":10.000026,"seconds":10.000026,"bytes":903872512,"bits_per_second":723096130.444883},"sum_received":
{"start":0,"end":10.000026,"seconds":10.000026,"bytes":902429272,"bits_per_second":721941541.445386},"cpu_utilization_percent":
{"host_total":28.089542,"host_user":4.618185,"host_system":23.497408,"remote_total":16.10341,"remote_user":2.905974,"remote_system":13.197436},"receiver_tcp_congestion":"cubic"}}

Im looking for translating existing field end.sum_received.bits_per_second into completely new field new_field_bytes_per_second

Here is filter:

input {
  beats {
    port => 5044
    codec => "json_lines"
  }
}

 filter {
  if [end][sum_received][bits_per_second] {
    ruby {
      code => "event['new_field_bytes_per_second'] = event['[end][sum_received][bits_per_second]'] / 8"
    }
  }
}

output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    hosts => "localhost"
    index => "iperf3-%{+YYYY-MM-dd}"
  }

Im struggling with filter, I think Im doing something wrong, cause I cannot find my new field in Kibana...

Badger · August 16, 2018, 1:37pm

Try

code => "event.set('new_field_bytes_per_second', event.get('[end][sum_received][bits_per_second]') / 8)"

amakarenkov · August 16, 2018, 2:36pm

Hi! And thank you for help, sir! It worked!

P.S. It seems that I have to completely delete index and add it again to force logstash filter to work with new configuration. I may be wrong, but my new configuration started to work only after I did reboot my server and deleted this particular index

system · September 13, 2018, 2:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.