Count licences

jeleb · November 4, 2020, 9:58am

In input I have filebeat on the flexlm server, and my output is elasticsearch
Here is my running pipeline :

input {
  beats {
    port => 5044
  }
}
filter {
   
    #parse IN/OUT license lines
    if [message] =~ /OUT:/ or [message] =~ /IN:/ {
        
        grok {
             match => [ "message", "%{DATA:checkout_time} \(%{DATA:vendor}\) (?<in_out>(OUT|IN))\: \"%{DATA:feature_name}\" %{DATA:user_id}@%{USERNAME:client_machine}" ]
        }

        mutate {
               replace => ["message", "%{+YYYY-MM-dd HH:mm:ss Z} %{vendor} %{in_out} %{feature_name} %{user_id} %{client_machine}"]
        }
    } else { 
        drop { }
    }
}

output {
    elasticsearch {
      hosts => "http://elasticsearch:9200"
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}

It seems to work for me

I tried to use metrics, but I found that it can only increase vars, not doing calculation
I want to have something like :
"new_message", "%{%{+YYYY-MM-dd HH:mm:ss Z} %{feature_name} %{count_current_used_license_of_feature_name}"

Thank you

Topic		Replies	Views
No events/s for logstash events with basic license Logstash elastic-stack-monitoring	1	370	December 30, 2018
Logstash showing Document count as 1. only last line of the syslog is displaying in kibana Logstash	1	233	December 7, 2021
How logstash can get the total number of line in a file (count)) Logstash	11	4041	May 31, 2018
Count with logstash Logstash	7	2602	November 28, 2017
EPS count on ELK Logstash	1	936	March 12, 2020

Count licences

Related topics