And the gdata field contains the error that you want to track? Make sure the field is a keyword field by adjusting the index template you're using, then use Elasticsearch to aggregate on that field and count the frequency of various messages.
Thanks @magnusbaeck
Yes. The gdata field is what I want to track, and I want to get a count of a particular error from it.
As I am new to Logstash, can you please tell me how I can achieve this?
My requirement is to get an aggregation of gdata in an exportable file for mailing purposes (I can do that manually) on a daily basis,
so I don't want Elasticsearch in this scenario.
Since Logstash doesn't store any events on its own you'll have to build something outside Logstash. You could e.g. have Logstash dump the parsed log events to a file and then at whatever interval you like run a script that parses that file and tabulates the number of errors and produces an output file.
You can probably use the aggregate filter, but if you do it'll continuously give you aggregated counts. If you want to produce reports once a day this isn't very practical since you'd have to aggregate the aggregates.
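A sketch of the "dump to a file, then tabulate with a script" approach from the reply above, as an added example that is not part of the original thread. It assumes Logstash writes events with its file output in JSON-lines form; the sample events, function names and the chosen day are constructed for illustration. Because the report is mailed as a spreadsheet-readable file and log text is untrusted, cells that a spreadsheet would evaluate as formulas are neutralised.

```python
import csv, io, json
from collections import Counter

# Constructed sample of a Logstash JSON-lines dump (values are made up).
SAMPLE = """\
{"@timestamp":"2017-03-01T10:00:01.000Z","gdata":"Connection timed out"}
{"@timestamp":"2017-03-01T10:05:09.000Z","gdata":"Connection timed out"}
{"@timestamp":"2017-03-01T11:00:00.000Z","gdata":"=SUM(A1:A9) failed"}
{"@timestamp":"2017-03-02T00:00:03.000Z","gdata":"Disk full"}
{"@timestamp":"2017-03-01T12:00:00.000Z","message":"no gdata here"}
this line is not JSON
"""

def count_errors(lines, day):
    """Count gdata values for events whose @timestamp (UTC) starts with day (YYYY-MM-DD)."""
    counts, skipped = Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # truncated or non-JSON line
            continue
        if not isinstance(event, dict) or not isinstance(event.get("gdata"), str):
            skipped += 1          # event without a usable gdata field
            continue
        if str(event.get("@timestamp", "")).startswith(day):
            counts[event["gdata"]] += 1
    return counts, skipped

def safe_cell(value):
    # Prefix cells that a spreadsheet would otherwise interpret as a formula.
    return "'" + value if value[:1] in ("=", "+", "-", "@", "\t", "\r") else value

def to_csv(counts):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["gdata", "count"])
    for message, n in counts.most_common():
        writer.writerow([safe_cell(message), n])
    return out.getvalue()

if __name__ == "__main__":
    counts, skipped = count_errors(SAMPLE.splitlines(), "2017-03-01")
    print(to_csv(counts), end="")
    print(f"skipped {skipped} unparseable or gdata-less lines")
```

Run once a day (for example from cron) against the dump file and attach the resulting CSV to the mail; the skipped count is worth including so silent parsing failures are noticed.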