How to add timestamp to aggregate filter

krishna_bhargav · October 24, 2019, 5:30pm

filter contents below, timeevent should display current timestamp

aggregate {

		task_id => "%{ENVIRONMENT_ID}_%{SPN_FIRM_ID}_%{ENTITY_TYPE}_%{ENTITY_ID}"
		code => '
			map["keyInformation"] ||= {}
			map["keyInformation"]["environmentId"]  = event.get("ENVIRONMENT_ID")
			map["keyInformation"]["entityId"] = event.get("ENTITY_ID")
			map["keyInformation"]["entityType"] = event.get("ENTITY_TYPE")
			map["keyInformation"]["firmId"] = event.get("SPN_FIRM_ID")
			
		
			map["associatedSleeves"] ||= [] 
			map["associatedSleeves"] << { 
			 "sleeveId" => event.get("SLV_ID") ,
			 "type" => event.get("SUB_MODEL_ID") ,
			 "nickname" => event.get("OWNER_ID") ,
			 "timeevent" => "%{@timestamp}" 
			}			
			event.cancel
		'
		push_map_as_event_on_timeout => true
		timeout => 2
    }

current output:

      "associatedSleeves" : [
        {
          "nickname" : "1",
          "type" : "1",
          "timeevent" : "%{@timestamp}",
          "sleeveId" : "146180"
        },
        {
          "nickname" : "2",
          "type" : "1",
          "timeevent" : "%{@timestamp}",
          "sleeveId" : "146181"
        }
      ],
      "keyInformation" : {
        "entityId" : "363147",
        "environmentId" : "QA_FDX",
        "firmId" : "101",
        "entityType" : "AC",
        "lastUpdated" : "2019-10-24T17:22:47.087Z"
      }

Badger · October 24, 2019, 5:44pm

Use event.get just as you did for the other fields.

krishna_bhargav · October 24, 2019, 6:02pm

@Badger Perfect it works ..Thanks

system · November 21, 2019, 6:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Aggregate filter timeout by event timestamp rather than by system time Logstash	1	552	July 6, 2017
How to replace @timestamp field in logstash aggregate filter map Logstash	2	387	July 9, 2021
Assigning an aggregated event timestamp to @timestamp Logstash	6	701	May 27, 2020
Aggregate filter to remember field accross lines Logstash	3	525	July 8, 2019
Give events without timestamp the timestamp from the last event Logstash	3	710	June 11, 2018

How to add timestamp to aggregate filter

Related topics