How to add timestamp to aggregate filter

krishna_bhargav · October 24, 2019, 5:30pm

filter contents below, timeevent should display current timestamp

aggregate {

		task_id => "%{ENVIRONMENT_ID}_%{SPN_FIRM_ID}_%{ENTITY_TYPE}_%{ENTITY_ID}"
		code => '
			map["keyInformation"] ||= {}
			map["keyInformation"]["environmentId"]  = event.get("ENVIRONMENT_ID")
			map["keyInformation"]["entityId"] = event.get("ENTITY_ID")
			map["keyInformation"]["entityType"] = event.get("ENTITY_TYPE")
			map["keyInformation"]["firmId"] = event.get("SPN_FIRM_ID")
			
		
			map["associatedSleeves"] ||= [] 
			map["associatedSleeves"] << { 
			 "sleeveId" => event.get("SLV_ID") ,
			 "type" => event.get("SUB_MODEL_ID") ,
			 "nickname" => event.get("OWNER_ID") ,
			 "timeevent" => "%{@timestamp}" 
			}			
			event.cancel
		'
		push_map_as_event_on_timeout => true
		timeout => 2
    }

current output:

      "associatedSleeves" : [
        {
          "nickname" : "1",
          "type" : "1",
          "timeevent" : "%{@timestamp}",
          "sleeveId" : "146180"
        },
        {
          "nickname" : "2",
          "type" : "1",
          "timeevent" : "%{@timestamp}",
          "sleeveId" : "146181"
        }
      ],
      "keyInformation" : {
        "entityId" : "363147",
        "environmentId" : "QA_FDX",
        "firmId" : "101",
        "entityType" : "AC",
        "lastUpdated" : "2019-10-24T17:22:47.087Z"
      }

Badger · October 24, 2019, 5:44pm

Use event.get just as you did for the other fields.

krishna_bhargav · October 24, 2019, 6:02pm

@Badger Perfect it works ..Thanks

system · November 21, 2019, 6:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Assigning an aggregated event timestamp to @timestamp Logstash	6	673	May 27, 2020
Using aggregate filter to measure response time Logstash	3	965	July 29, 2019
Aggregate filter timeout by event timestamp rather than by system time Logstash	1	538	July 6, 2017
Aggregate filter with timeout_timestamp_field Logstash	3	1385	September 11, 2018
Logstash - Filter.Aggregate - push_map_as_event_on_timeout not happening Logstash	4	1067	August 27, 2020

How to add timestamp to aggregate filter

Related topics