Elapsed questions

kiwi0217 · October 4, 2017, 1:07pm

the filter is:
grok {
patterns_dir => ["/etc/logstash/conf.d/pattern"]
match => {
"loginout" => "User logged in: %{JUSER:jupyter_user}"
}
add_tag => ["taskStarted"]
tag_on_failure => [ ]
}
grok {
patterns_dir => ["/etc/logstash/conf.d/pattern"]
match => {
"loginout" => "User logged out: %{JUSER:jupyter_user}"
}
add_tag => ["taskEnded"]
tag_on_failure => [ ]
}
elapsed {
start_tag => "taskStarted"
end_tag => "taskEnded"
unique_id_field => "jupyter_user"
timeout => 1800
}

warkolm · October 6, 2017, 5:33am

What do you mean?

You should really move this pattern file elsewhere. That's the directory Logstash assumes config files are, not pattern ones.

system · November 3, 2017, 5:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash duration quastion Logstash	4	432	October 26, 2017
Compare fields and report Kibana	5	300	February 3, 2023
Continuous display of time difference Logstash	1	166	May 3, 2022
Updating Start Event Using Elapsed Plugin After Stop Event Received Logstash	1	503	July 6, 2017
Calculate time difference between two log lines - Logstash Logstash	5	929	January 19, 2022

Elapsed questions

Related Topics